
Insights from Verizon 2020 Data Breach Investigations Report: Top 5 actions to decrease human risk


June 1, 2020 | Masha Sedova, Co-Founder, Elevate Security

Elevate Security is a proud contributor to this year’s Verizon 2020 Data Breach Investigations Report (VDBIR). “The more things change, the more they remain the same” is the theme we’ve designated for this year’s report. Our team took a deep dive into the report (all 119 pages) and compiled key takeaways with a specific focus on human risk and how it could impact your defensive (and offensive) strategy moving forward.

What has changed since 2019?

Not much has changed since the 2019 VDBIR. Attackers are leaning into the approaches that require the least amount of effort and yield the greatest results: phishing and using stolen credentials. While breaches caused by phishing (22%) or stolen credentials (37%) are down slightly from 2019 (at 22%), it is notable that 80% of breaches caused by hacking involve brute force or the use of lost or stolen credentials.

What has stayed the same?

Human risk from internal attackers remains substantially low in comparison to external actors (page 10), yet errors are the only action type that continues to increase in frequency year to year. Errors were “causal events in 22% of breaches.” Financially motivated social engineering (FMSE) is keeping “error” company because it, too, is increasing year over year.

Attackers (who are lazy, as we all know) prefer short paths and rarely attempt long paths. The proof is on page 31. Here are some helpful at-a-glance human risk stats (found on page 7).

  • 22% included Social attacks
  • 17% involved Malware
  • 8% of breaches were Misuse by authorized users

Top Recommended Controls:

The top control identified by the 2020 VDBIR is to “implement a security awareness and training program.” It is also important to note the following from the report (which is also our favorite quote):

“In the past, we have observed that security awareness training can help limit the frequency and/or impact of phishing attacks. However, in some instances, this training appears to be either not carried out at all or delivered in an insufficient or inadequate manner. Whatever the reason, telling employees not to click phishing emails can be as effective as yelling “ear muffs” when you don’t want your child to hear something unpleasant.”

So what does this mean? It’s time for the industry to take a new approach to solve these top risks. Attackers take the path of least resistance, which is often through users. Here are the top five actions that need to improve in your enterprise if you want to decrease human risk (in no particular order):

  • Increase phishing reporting
  • Drive adoption of strong authentication
  • Increase malware detection rates
  • Install and use password managers
  • Decrease sensitive data handling incidents

Copyright © 2022 Stay Safe Online — NCSA. All rights reserved.