The 2016 Verizon Data Breach Investigations Report (DBIR) highlights key information related to social engineering. Now in its ninth year of publication, the “Verizon 2016 Data Breach Investigations Report” analyzes more than 2,260 confirmed data breaches and more than 100,000 reported security incidents, the highest since the report’s inception in 2008.

There are several key findings in the report.  These key security facts are outlined below.

  • 30% of phishing messages were opened – up from 23% in the 2015 report.
  • 89% of all attacks involve financial or espionage motivations.
  • 63% of confirmed data breaches involve using weak, default or stolen passwords.
  • 95% of breaches fall into nine patterns.
  • 86% of security incidents fall into nine patterns.
  • Ransomware attacks increased by 16% over 2015 findings.
  • Web application attacks climbed to the #1 spot for data breaches, up 33% over prior year.
  • If stolen devices are encrypted, it’s much harder for attackers to access the data.
  • In 2015, there were 38% more security incidents detected than in 2014.
According to the Verizon Data Breach Investigations Report 2016, 95% of breaches and 86% of security incidents fall into nine patterns:
          • Miscellaneous errors.  Any unintentional action or mistake that compromises
            security, excluding the loss of assets.
          • Insider and privilege misuse.  Mainly consists of incidents involving misuse
            by insiders, but outsiders and partners granted privileged access to systems
            also show up.
          • Physical theft and loss.  The loss or theft of laptops, USB drives, printed
            papers and other information assets.
          • Denial of service (DoS).  DoS attacks can bring normal operations to a halt,
            causing chaos.
          • Crimeware. This covers any use of malware that doesn’t fall into a more
            specific pattern.  39% of crimeware incidents in 2015 involved ransomware.
          • Web app attacks.  Where a web app, such as a content management
            system or e-commerce platform, was used as the means of entry.  95% of web
            app attacks where criminals stole data were financially motivated.
          • Point-of-sale (POS) intrusions.  When attackers compromise the computers
            and servers that run POS applications. 
          • Cyber-espionage.  Attacks carried out by state-affiliated actors, often looking
            for intellectual property.
          • Payment card skimmers.  Incidents involving physical installation of a device
            on an ATM, gas pump or POS terminal that intercepts card data. 
In 93% of cases where data was stolen, systems were compromised in minutes or less.  In 83% of cases, victims didn’t find out that they had been breached for weeks or more.
According to the Verizon Data Breach Investigations Report 2016, 89% of all attacks involve financial or espionage motivations.  63% of confirmed data breaches involve using weak, default or stolen passwords.  This year’s report calls out the rise of a new three-step attack that is being repeated by cybercriminals.  Many organizations are falling prey to this type of attack, which consists of:
          • Sending a phishing email that links the user to a malicious website
            or contains a malicious attachment.
          • Malware is downloaded onto an individual’s computer that establishes the initial
            foothold, providing an open door for additional malware to be loaded.
          • Use of the victims’ credentials to enable further attacks, including logging into
            third-party websites such as banking or retail sites.
The top 10 stats and takeaways from the Verizon 2016 Data Breach Investigations Report are as follows:
  1. 4 out of 5 data breaches are attributed to external hackers
  2. The majority of data breaches target users and their devices
  3. 63% of confirmed data breaches involved weak, default or stolen passwords
  4. In 93% of data breaches, compromise occurred in minutes or less
  5. 99% of malware hashes are seen for only 58 seconds or less
  6. Just 10 vulnerabilities accounted for 85% of successful exploitations in 2015
  7. 50% of exploitations happen between 10 and 100 days after the vulnerability is published (median = 30 days)
  8. Phishing campaigns have a 30% open rate
  9. Email attachments are the #1 delivery vehicle for malware
  10. 90% of the data breaches in 2015 followed 1 of 9 common patterns
According to the Verizon Data Breach Investigations Report 2016, phishing tops the list of increasing concerns.  Phishing has picked up dramatically over the prior year.  Email is the weapon of choice for cybercriminals; phishing is trending up, and it is leading to more data breaches than ever before.  Verizon combined over 8 million results of sanctioned phishing tests in 2015 from multiple security awareness vendors and found that 30% of phishing messages were opened in 2016 – up from 23% in the 2015 Verizon Report – and 13% of those clicked to open a malicious attachment or nefarious link.  Only 3% of the targeted individuals reported the phishing e-mail to management.
According to Laurance Dine at Verizon Enterprise Solutions, the median time for the first user of a phishing campaign to open the malicious email is 1 minute, 40 seconds.  Additionally, according to Dine, the median time to the first click on the attachment was 3 minutes, 45 seconds.
According to the Verizon 2015 Data Breach Investigations Report, cyberattacks are becoming increasingly sophisticated, but many criminals still rely on phishing and hacking.  According to the report, 70% of cyberattacks use a combination of phishing and hacking and involve a secondary victim, adding complexity to the breach.  In 60% of breaches, attackers are able to compromise an organization within minutes.
96% of the nearly 80,000 security incidents that Verizon analyzed for 2015 can be traced to 9 basic attack patterns:
          • Miscellaneous errors
          • Crimeware
          • Insider/privilege misuse
          • Physical theft/loss
          • Web app attacks
          • Denial-of-service attacks
          • Cyberespionage
          • Point-of-sale intrusions
          • Payment card skimmers