eDiscovery Daily Blog

• May 13, 2019

Big surprise there, right?  So says the 2019 Verizon Data Breach Investigations Report (DBIR), which analyzes the reported cybersecurity and data breach incidents for the year.  According to this year’s report, senior C-level executives are 12 times more likely to be the target of social engineering attacks, and 9 times more likely to be the target of social breaches than in previous years, with financial motivation the key driver in these attacks.

Many of the attacks on C-level executives are phishing attacks, often where the hackers pose as the CEO, eventually asking for a financial transfer to be conducted to a certain account (I wrote about an attempt I received earlier this year).  As I wrote in that article, marking emails coming from an external source with an “*** External Email ***” marker inserted into the received email has helped us at CloudNine identify those phishing instances.

As always, this year’s report has some interesting findings.  Here are some of them from the 78-page PDF report:

• They are reporting on over 41,686 incidents and 2,013 confirmed data breaches, both numbers were down this year from last year;
• 69% of reported breaches were perpetrated by outsiders, 34% by internal actors (last year, the ratio was 73%-28%);
• 39% of breaches were carried out by organized criminal groups, down 11% from last year;
• 23% of breaches involved actors identified as nation-state or state-affiliated, up 11% from last year;
• Who was affected? 16% were breaches of public sector entities, 15% of breaches affected healthcare organizations, 10% of breaches involved the financial industry and 43% of victims are categorized as small businesses.  While that is the highest category, it is 15% lower than last year.
• How do they get you? 52% of breaches featured hacking, 33% were social attacks (nearly double last year’s 17%), 28% included malware, 21% of breaches had errors as causal events, 15% involved misuse by authorized users and 4% of breaches involved physical actions.
• Also, 71% of breaches were financially motivated, 25% of breaches were motivated by the gain of strategic advantage (espionage), 32% of breaches involved phishing, 29% of breaches involved use of stolen credentials and 56% of breaches took months or longer to discover. While that number seems remarkable, it is 12% down from last year’s 68%.

As always, the report is chock full of graphics and statistics which makes it easier to read than the size of the report indicates and covers everything from social attacks to ransomware to denial of service to incident classification patterns and coverage of data breaches and other incidents in several industries.

You can download a copy of the report here.  Believe it or not, this is our fifth(!) year covering the report (previous reports covered here, here, here and here).  Enjoy!

Also, just a reminder that CloudNine will be the Scarlett sponsor of the Murder in the Manor charity fundraiser hosted by Oasis Discovery to be held May 16th at The Mansion on O Street in Washington DC (2020 O Street NW, Washington, DC 20036).  CloudNine will be running the Speakeasy, where drinks will be available and a lot of fun will be had.  And, all proceeds from the event will benefit the Capital Area Food Bank (CAFB), which is the largest public, non-profit hunger and nutrition education resource in the Washington Metropolitan Area.  Click here for more information and to purchase your tickets.  Remember, it’s for a great cause.

So, what do you think?  Have you ever experienced any data breaches, either personally or professionally?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.