Annual Verizon security report says sloppiness causes most data breaches


Security threats are constantly evolving, but as Verizon’s latest DBIR (Data Breach Investigations Report) shows, the more things change in information security, the more they stay the same.

More than half (51 percent) of the data breaches analyzed in the report involved malware, 73 percent of the breaches were financially motivated, and 75 percent of security incidents were tracked back to outside actors. This year’s report found that email was the number one malware delivery vector, compared to last year, when it was web drive-by-download attacks.

The DBIR dataset, which includes 1,935 confirmed data breaches and 42,068 security incidents across 84 countries, is compiled from 65 sources, including Verizon’s own investigation team as well as the United States Secret Service and other law enforcement groups. The report distinguishes between data breaches, where data is confirmed to have been exposed to an unauthorized party, and security incidents, which are security events that compromised “the integrity, confidentiality, or availability” of data.

Ransomware is the hot new trend

Ransomware has been dominating headlines, and for good reason: It was the fifth most common malware variety in Verizon’s dataset, which is a huge jump from three years ago, when it was the 22nd most common. Ransomware attacks are still opportunistic, relying on infected websites and traditional malware delivery mechanisms to find victims, and they’re more likely to target vulnerable organizations than individual consumers, the report found.