Skip to main content

Cyberthreats to ‘Organizations Like Yours’

Various Errors (42%), web application attacks (29%) and cyberespionage (13%) top the list of data breach causes for organizations — public and private — that deal with “the creation, transmission and storing of information,” including of TV shows and movies.

That’s according to Verizon Communications’s 2019 Data Breach Investigations Report a review of data from 41,686 security incidents* and 2,013 data breaches** from 73 different sources. The goal, the report said, was to provide perspectives on threats “organizations like yours face.”

Verizon’s review found that a third of those threats (actually 34%) were internal, including misuse by authorized users and errors.

In the interests of better cyber-hygiene — have you scrubbed behind your virtual ears? — The Wire presents some of Verizon’s key takeaways:

1. Aiming for the top. C-suite execs are being increasingly targeted, with incidents rising from single digits in the previous report to dozens in the latest.
2. Threatening cloud. As companies transfer data to the cloud, stolen credentials are the method of choice for hacking those remote email servers.
3. Sorry, right number. Web-based payment card number theft is on its way to exceeding those from physical terminals, which may be a case of chip-and-pin card technology better protecting physical transactions.
4. Your money or your online life. Ransomware accounts for about a quarter of all malware-related incidents.
5. HR breathes easier. Attacks on human resources personnel have decreased, correlating with the virtual disappearance (pun intended) of W-2 tax form scams from the survey.
6. Not-so-smartphones. Mobile users are more susceptible to click on test phishing e-mails, in part because of the user interface.

* Incident: A security event that compromises the integrity, confidentiality or availability of an information asset.

** Breach: An incident that results in the confirmed disclosure — not just potential exposure — of data to an unauthorized party.