Jonathan Crowe
May 2016

Top 10 Stats from the Verizon 2016 Data Breach Investigations Report

Photo by Piotr Lohunko

It's the most highly anticipated cybersecurity report of the year. The Verizon 2016 Data Breach Investigations Report is here, with key stats and lessons learned from over 100,000 security incidents and 2,000 data breaches.

If you're looking for the latest facts and figures on malware, phishing, vulnerability exploits, and more, you'll find them in spades in the full 80-page report. But for those who would like a condensed peek at the key highlights, here are the top 10 stats and takeaways from this year's DBIR you can digest before breakfast.

1) 4 out of 5 data breaches are attributed to external attackers


You may have your reasons for thinking Ned in HR is up to something, but chances are any data breach you suffer is going to be the handiwork of an outside criminal motivated by financial gain.

2) The majority of data breaches target users and their devices


Servers are still the top target for attackers, but attacks targeting users and user devices are on the rise. Combined, they represent the largest and fastest growing target group.

3) 63% of confirmed data breaches involved weak, default, or stolen passwords

Nothing new, nothing fancy. The majority of data breaches just featured good ol' fashioned attacks designed to take advantage of the one thing we can never seem to get right — stronger password management.

4) In 93% of data breaches, compromise occurred in minutes or less


So little time to react puts pressure on IT to invest in prevention and in solutions that stop malware in the act of executing, before it has a chance to do any damage. In many cases, playing catch-up with detection and response tools will mean you're too late.

Or, as the Verizon team puts it, “When you have to wait on external detection to tell you you’re popped, it’s probably too late to keep the horses in the barn.”

5) 99% of malware hashes are seen for only 58 seconds or less


That's bad news for companies relying solely on traditional signature-based security solutions like antivirus (see "The Problem with Signature-Based Security" for a quick and simple explanation).

The postman may always ring twice, but most hackers only use malware once before modifying the code and shipping it back out as a slightly modified version that continues to evade detection.

6) Just 10 vulnerabilities accounted for 85% of successful exploitations in 2015

While the goal with patch management is to be as comprehensive as possible, prioritizing patching the big guns can drastically reduce your risk.

For those keeping score at home, the top 10 exploited vulnerabilities in 2015 were:

CVE-2001-0876, CVE-2011-0877, CVE-2002-0953, CVE-2001-0680, CVE-2012-1054, CVE-2015-0204, CVE-2015-1637, CVE-2003-0818, CVE-2002-0126, CVE-1999-1058

7) 50% of exploitations happen between 10 and 100 days after the vulnerability is published (median = 30 days)


Some vulnerabilities are typically exploited more quickly than others (we're looking at you, Adobe). Overall, the important thing is that vulnerabilities are patched, not necessarily that they are patched immediately (though obviously, the sooner the better).

8) Phishing campaigns have a 30% open rate


The sad thing is most marketers would kill for that open rate. The sadder thing is it explains why phishing continues to be so popular among attackers. It's a delivery tactic that works. Help your users avoid becoming phishing victims with these five tips.

9) Email attachments are the #1 delivery vehicle for malware


Considering the success rate of phishing, perhaps it's no surprise malicious email attachments and links are two of the top three malware delivery mechanisms of choice for attackers. That makes email filtering and user education both smart security investments.

10) 90% of the data breaches in 2015 followed one of nine common patterns

It turns out cyber attacks are not unique snowflakes. That's good news. It means that by focusing your energy on preventing the most common data breach scenarios, you can actually reduce your risk dramatically.

Bonus Stat: 362,000 new crypto-ransomware variants were spotted in 2015 (source: Symantec)


This bonus stat isn't from the DBIR, but it illustrates one of cybersecurity's most troubling trends — the rise of ransomware. One of the key challenges of ransomware is not only how quickly new variations are being created, but how quickly those new versions are able to infect your machines and encrypt your data.

To learn more about how ransomware works and how we were able to use behavioral analysis to stop CryptoWall 4.0 from day one, take a look at Barkly in action.
