C-level executives are now the major focus for social engineering attacks, according to the Verizon 2019 Data Breach Investigations Report. Senior executives are 12x more likely to be the target of social incidents, and 9x more likely to be the target of social breaches than in previous years, and financial motivation remains the key driver.
“Enterprises are increasingly using edge-based applications to deliver credible insights and experience. Supply chain data, video, and other critical–often personal–data WILL be assembled and analyzed at eye-blink speed, changing how applications utilize secure network capabilities,” says George Fischer, president of Verizon Global Enterprise. “Security must remain front and center when implementing these new applications and architectures."
This year’s findings also highlight how the growing trend to share and store information within cost-effective cloud-based solutions is exposing companies to additional security risks. Analysis found that there was a substantial shift toward compromise of cloud-based email accounts via the use of stolen credentials. In addition, publishing errors in the cloud are increasing year-over-year. Misconfiguration (“miscellaneous errors”) led to a number of massive, cloud-based file storage breaches, exposing at least 60 million records analyzed in the DBIR dataset. This accounts for 21% of breaches caused by errors.
Bryan Sartin, executive director of security professional services at Verizon comments, “As businesses embrace new digital ways of working, many are unaware of the new security risks to which they may be exposed. They really need access to cyber detection tools to gain access to a daily view of their security posture, supported with statistics on the latest cyber threats. Security needs to be seen as a flexible and smart strategic asset that constantly delivers to the businesses, and impacts the bottom line.”
For the second year in a row, financially motivated attacks outnumber cyber-espionage as the main reason for breaches in manufacturing, and this year by a more significant percentage (68%).
This year’s report also debuts new metrics and reasoning which helps identify which services are seen as the most lucrative for attackers to both scan for and attack at scale. This analysis is based on honeypot and internet scan data.
The complete Verizon 2019 Data Breach Investigations Report as well as executive summary is available on the DBIR resource page.