Understanding data breaches 2020 | Norman Marks on Governance, Risk Management, and Audit


Understanding data breaches 2020

For 13 years, Verizon has shared their Data Breach Investigations Report. The 2020 edition is now available.

As usual, it contains some interesting information:

  • Only 70% of breaches were by external actors.
  • Organized crime was behind 55%.
  • Nation states, sysadmins, and end users were each behind about 10% of the breaches.
  • 22% included social attacks (pretexting and phishing), 96% of the time by email and 1% by phone or SMS.
  • 17% involved malware; 27% of malware was ransomware.
  • 8% was from misuse by authorized users.
  • Partners were involved in 1%; multiple parties were also involved in 1%.
  • 81% were contained in one day or less [a massive improvement from what I have read in the past].
  • 72% of the victims were large businesses.
  • 58% of victims had personal data compromised.
  • 20% of breaches take months to be discovered, a significant improvement from prior years.
  • Of the 108,069 breaches and 157,525 incidents reported to Verizon, more than 100,000 breaches “were credentials of individual users being compromised to target bank accounts, cloud services, etc.”
  • There were 25,029 incidents involving organizations where they could identify the industry category. 7,463 (30%) involved professional organizations, 6,843 (27%) were…
