eDiscovery Daily Blog

Over 80 Percent of Hacking Related Breaches Were Related to Password Issues: Cybersecurity Trends

I’ve referred to last year’s Verizon Data Breach Investigations Report (DBIR) in several webcasts lately (including this one) and realized that this year’s report should have already come out by now.  Sure enough, it has, about a month and a half ago.  Let’s see what the findings are.

Last year’s report (covered here) started with the Yogi Berra quote “It’s like déjà vu, all over again.”  This year’s report (available for download from here), despite the dire statistics below, starts with a bit more positivity with a quote from Roman philosopher Pliny the Elder: “Hope is the pillar of the world.”  Way to stay positive, Verizon!

Some interesting statistics from the 76-page PDF report:

  • 81% of hacking-related breaches used stolen passwords and/or weak passwords.
  • Three-quarters (75%) of breaches were perpetrated by outsiders, which, of course, means that one-quarter (25%) involved internal actors.
  • 51% of breaches involved organized criminal groups, while 18% were conducted by state-affiliated actors.
  • 51% of the data breaches involved malware.
  • 66% of malware was installed through malicious email attachments.
  • 73% of the breaches were financially motivated.
  • Industries affected the most: financial institutions (24%), healthcare organizations (15%), and public sector entities (12%), with retail and accommodation entities combined accounting for 15% of breaches.
  • Ransomware has moved from the 22nd most common variety of malware in the 2014 DBIR to the fifth most common in this year’s data.

While the report is a whopping 76-page PDF, it’s (once again) chock-full of graphics and statistics, which makes it easier to read than the size of the report indicates.  And, as always, Verizon has some fun with the report (see how many song titles you can find referenced within it).  The report covers everything from breach trends to an industry breakdown to a review of each type of incident classification pattern and even provides a month-by-month year in review of key data breach occurrences.

You can download a copy of the report here.  Once again, you can register and download the report or just choose to download the report (which I did).  This is our third year covering the report (here is a link to the post from two years ago) and if you want to check out a comprehensive and interesting report on data breaches over the past year, this remains my favorite report.

So, what do you think?  Have you ever experienced any data breaches, either personally or professionally?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.