In its eleven edition, the Verizon Data Breach Investigations Report (DBIR)
continues to be a wealth of information for security professionals. The report focuses on data breaches, defining such breaches as "An incident that results in the confirmed disclosure— not just potential exposure—of data to an unauthorized party." A few of the highlights of the DBIR are listed below.
- 49% of non-point-of-sale malware was installed via malicious email
74% of cyber-espionage actions within the public sector involved phishing
Motives for phishing are split between financial (59%) and espionage (41%)
70% of breaches associated with a nation-state or state-affiliated actors involved phishing
- 17% of breaches were social attacks
- 12% of breaches involved actors identified as a nation-state or state-affiliated
- 24% of breaches affected healthcare organizations
- 58% of data breach victims are categorized as small businesses
Information security is a prime concern for all businesses. One factor that continues is the fact that employees play a key role as they are a key part of a layered security strategy. PhishingBox provides end-user security awareness training to mitigate the threat from phishing and other malicious emails.