Source: InfoSec Resources
Each year, Verizon publishes a report that highlights data breach and incident trends from the previous year. This report offers significant insight into not just the types of threats organizations face today, but who perpetrates breaches, the tactics used and, perhaps most importantly, the reason organizations find themselves at risk in the first place.
Sadly, in too many of these breaches, security awareness on the part of the affected organization was lacking, and security awareness training could have made a significant difference. While security awareness training cannot provide guaranteed protection and does not play a role in defending against things like DDoS attacks, its absence has been implicated in a very wide range of breaches that could have been prevented.
Digging into the Findings
The Verizon data breach report is a comprehensive compilation of information, and we’ll do our best to summarize it below, beginning with the most common actors behind breaches and incidents.
Unsurprisingly, 75% of all breaches were instigated by outsiders. However, the remaining 25% of attacks actually involved internal actors. More than half of all incidents involved organized criminal groups and 18% involved state-affiliated actors.
A full 24% of breaches affected organizations in the financial industry, with healthcare organizations coming in second, public sector entities third, and the retail and accommodation industries fourth and fifth, respectively.
The Tactics Most Attackers Use
The report also found that 81% of all hacking-related breaches leveraged either stolen passwords or weak passwords. This is a crucial finding, as 62% of all breaches involved hacking. Password theft and compromise are two of the most easily remedied risks to any organization, as is highlighted by security awareness training.
Simply training staff members, managers and executives to construct strong passwords and to change those passwords regularly can provide a dramatic reduction in the risk level an organization faces, regardless of industry.
Password theft is just as easily protected against. Security awareness training highlights the importance of never remaining logged into an account when away from a workstation or laptop, the need to avoid writing passwords down and storing them physically, and the importance of using an advanced password tracking system to prevent such theft.
Another finding that is less surprising is the rise of malware used to infiltrate an organization’s network….