An Investigation on Data Breaches in 2018

Recently, Verizon published their 11th edition of their Data Breaches Investigation report that looked at over 53,000 security incidents including over 2,126 confirmed data breaches. We wanted to highlight some of the key take a way’s in this report and show some of the shocking statistics businesses face when it comes to technology security in 2018. We are going to look at some of the motivating factors for hackers, what industries are affected the most and how a typical organization reacts to a cyber attack.

Who does the hacking?

73% of cyber-attacks are done by outsiders. These are organized criminal groups whose goal it is to specifically hack into systems illegally and collect information. 28% of attacks are done internally by those who may have the credentials or a way into the system with official credentials. These are especially hard to track because you never know who may be using company data for their own personal gain.

Why attack?

76% of breaches were financially motivated. Hackers are looking to steal information such as credit card numbers or social security information in order to use other people’s identities. We also see hacking in the form of malware that holds data for ransom for a fee. Found in over 39% of cases where malware was identified, ransomware is one of the most popular forms of online hacking today.

Who can be a victim?

Virtually any business that plugs in to any network could fall victim to a cyber-attack. Unfortunately, there are many ways a hacker could infiltrate in, whether it be POS, email, misuse by an employee, social media etc.  The most popular however is a direct hack by a group or person who specifically wanted to get in a particular network. Following close second is malware and phishing attempts. 4% of people will click on any given phishing campaign with 17% of all breaches happening because of human error in the everyday workplace.

Industry trends in data breaches.

Based on the Data of over 53,000 incidents and 2,126 confirmed breaches the number of the two categories for specific industries are as followed:

Accommodation: 338 breaches, 368 incidents
Education: 101 breaches, 292 incidents
Financial: 146 breaches, 598 incidents
Healthcare: 536 breaches, 750 incidents
Information: 109 breaches, 1,40 incidents
Manufacturing: 71 breaches, 536 incidents
Professional: 132 breaches, 540 incidents
Public: 304 breaches, 22,788 incidents
Retail: 169 breaches, 317 incidents

The Reaction

While most compromises happen in a very short time span, with over 87% taking a minute or less, finding out about them is a whole different story. On average, only 3% are discovered within minutes, while over 68% went undiscovered for months or more. The report states that in many cases it isn’t even the organization that recognizes the breach but an outside third party such as partners, law enforcement, or the most damaging, by customers.

Staying proactive and keeping your cyber defenses up is one of the most important things to any business in 2018. While no defense mechanism is a 100% guarantee. Having a plan and being able to respond quickly is the best chance of stopping hackers in their tracks and restoring your data.

To see the full report by Verizon click here

Contact ECMSI for a FREE network health assessment to see if your business is being effected by malware. Find out if their are any vulnerabilities in your network and what you can do to stop them! Fill out the form below.