Highlights of the 2020 Data Breach Investigations Report by Verizon

There are a number of surveys and studies published each year that provide empirical data about the cybersecurity landscape. One of them is the Verizon Data Breach Investigations Report, which compiles publicly-reported breaches with other sources (including intelligence gathered by the Verizon Threat Research Advisory Center). The 2020 DBIR has just been published. This year, Verizon amassed 157,525 incidents and 108,069 breaches.  Here are some interesting findings:

• Trojans were once the primary means of hacking, comprising as much as 50% of all breaches in 2016. They now comprise only 6.5%.
• Phishing and credential theft are on the rise.
• External attackers continue to be much more common than internal threats.
• Money continues to be the main motive, far ahead of espionage.
• The most common hacker profile is the organized crime ring, followed by state-sponsored actors.
• According to the FBI, hackers are more likely to be close by than around the globe: 85% of victims and perpetrators were in the same country, 56%  in the same state and 35% in the same city.
• Errors are becoming a more common source of breach.  Physical penetrations remain uncommon, but Misuse, Hacking, Malware and Social have all decreased as a percentage.   The most common type of incident was a DDoS, while the most common breach was Social (phishing). 
• Errors (i.e., human errors such as mis-configurations, and mistakenly sharing data) saw a significant increase.  Almost half of all Errors were discovered by security researchers (not by an audit or other internal source).
• Almost all (80%) hacks involved stealing or brute-forcing credentials.  Hackers did not rely as much on finding vulnerabilities or backdoors.  
• Financially-motivated social engineering keeps growing in popularity year over year.
• Although we often think of on-prem solutions as more secure than the cloud, cloud-based assets were involved in just 24% of breaches, while on-prem assets represented 70%. 
• The most common attribute of affected data was that it was "personal" (PII/PI/PD), followed by credentials.
• When looking for "patterns," Verizon found the most common was that breaches involved web applications. 
• The Healthcare sector had the most breaches, followed by Finance, then a near-tie among Public, Education, Manufacturing, and Professional sectors.  
• Retail saw only half as many breaches as the latter sectors.  Most Retail sector attacks involved e-commerce, a trend that grows year over year, and very few attacks involved point of sale (POS), representing a multi-year decline.  In Retail, 99% of breaches were financially-motivated.  Fewer than 20% of the data affected in Retail breaches was "internal" (trade secrets, business deals, etc.); the vast majority were types of personal data or payment information.
• An organization's size has less relationship to the risk of breach this year than in recent years, probably due to the flight to the cloud, where large and small organizations are similarly vulnerable.  
• Within the data analyzed, there were more than four times as many breaches in North America as in APAC or EMEA.

You can read all the details for yourself, if you have time, and you can learn even more at these links:

•  DBIR facts,figures and figure data
• framework withexamples and enumeration listings
• full VERIS schema. 
• database on publiclydisclosed breaches 
•  record your own incidents andbreaches