An industry-specific look at the 2019 Threat Landscape


If you think you are “too small” of a target for cybercriminals, think again. Of the 41,686 reported security incidents and 2,103 confirmed data breaches analyzed in the 2019 Data Breach Investigations Report, forty-three percent of breaches involved small business victims.

Released annually since 2009, the Verizon Data Breach Investigations Report provides analysis and insight into security incidents and data breaches. This data-driven investigation of threats, threat actors and attack patterns helps to paint a picture of the current threat landscape.

We are taking a deep dive into this year’s report to give you an in-depth look at the current attacks targeting small and medium-sized organizations. Understanding the threats that target your specific industry can go a long way toward helping you mitigate risks and keep your critical business data secure.

SECURITY EVENT CATEGORIES AND CLASSIFICATIONS

Security events analyzed in the report fall into two categories: Incidents and Breaches. An Incident is defined as “an event that compromises the availability, confidentiality or integrity of an information asset.” A Breach is defined as “a security incident that results in confirmed data loss or disclosure of data to an unauthorized party.”

We’ve talked about Verizon’s classification of incidents and the nine attack patterns of a data breach in an earlier blog post. With over 375,000 reported security incidents, 98.5% of security incidents and 88% of data breaches continue to fall into one of the nine patterns. This year’s report reveals that incidents and breaches tend to have more than just attack patterns in common. For the 2019 report, a new subset of data was created to better analyze financially motivated social engineering (FMSE) attacks, where the goal of the attack is not malware installation. Instead, FMSE attacks focus on credential theft and on tricking unsuspecting users into transferring funds to attacker-controlled accounts. A close-to-home example of this type of attack recently happened to the North Carolina county of Cabarrus, where the attacker successfully impersonated the general contractor building the county’s new high school and made off with over 1.7 million dollars.

UNDERSTANDING YOUR RISKS

George Fischer, president of Verizon Global Enterprise, states: “Technical IT hygiene and network security are table stakes when it comes to reducing risk. It all begins with understanding your risk posture and the threat landscape, so you can develop effective defense strategies and action a solid plan to protect your business against the reality of cybercrime.”

When it comes to security incidents and breaches, malware types and delivery methods vary, but email is still the method of choice for most attacks.

Below is a detailed look at the frequency, attack patterns, threat actors, actor motives and types of data compromised for this year’s most targeted industries:

Public Sector – 23,399 Reported Data Incidents / 330 Breaches with Confirmed Data Loss

• Top 3 Attack Patterns – Cyber-Espionage, Miscellaneous Errors, Privilege Misuse

• Threat Actors – External (75%), Internal (30%), Multiple Parties (6%), Partners (1%)

• Motives – Espionage (66%), Financial (29%), Other (2%)

• Compromised Data – Internal (68%), Personal (22%), Credentials (12%)

Best Defense: Routinely assess user privileges to limit damage from employees acting inappropriately or maliciously. Use security awareness training to help prevent misdelivery and data publishing errors. Implement layered malware defenses.

Healthcare – 466 Reported Data Incidents / 304 Breaches with Confirmed Data Loss

• Top 3 Attack Patterns – Miscellaneous Errors, Privilege Misuse, Web Application Attacks

• Threat Actors – Internal (59%), External (42%), Partners (4%), Multiple Parties (3%)

• Motives – Financial (83%), Fun (6%), Convenience (3%), Grudge (3%), Espionage (2%)

• Compromised Data – Medical (72%), Personal (34%), Credentials (25%)

Best Defense: Limit access to data storage and track all access attempts. Know what processes deliver, publish or dispose of personal and medical data and ensure checks are in place to secure data during each process. Implement security training to help improve recognition and reporting of phishing incidents.

Financial/Insurance – 927 Reported Data Incidents / 207 Breaches with Confirmed Data Loss

• Top 3 Attack Patterns – Web Application Attacks, Privilege Misuse, Miscellaneous Errors

• Threat Actors – External (72%), Internal (36%), Multiple Parties (10%), Partners (2%)

• Motives – Financial (88%), Espionage (10%)

• Compromised Data – Personal (43%), Credentials (38%), Internal (38%)

Best Defense: Use 2FA and password managers to strengthen the defenses of customer facing applications, remote access and cloud-based email accounts. Monitor and log access to sensitive financial data and make it clear to staff that “misuse doesn’t pay”.

Professional Services – 670 Reported Data Incidents / 157 Breaches with Confirmed Data Loss

• Top 3 Attack Patterns – Web Application Attacks, Miscellaneous Errors

• Threat Actors – External (77%), Internal (21%), Partners (5%), Multiple Parties

• Motives – Financial (88%), Espionage (14%), Convenience (2%)

• Compromised Data – Credentials (50%), Internal (50%), Personal (2%)

Best Defense: Monitor email for links and executable files. Implement security training to help employees identify phishing and pretexting. Monitor what processes access personal data and use redundant controls to prevent a single point of failure.

Retail/Wholesale – 234 Reported Data Incidents / 139 Breaches with Confirmed Data Loss

• Top 3 Attack Patterns – Web Application Attacks, Privilege Misuse, Miscellaneous Errors

• Threat Actors – External (81%), Internal (19%)

• Motives – Financial (97%), Fun (2%), Espionage (2%)

• Compromised Data – Payment (64%), Credentials (20%), Personal (16%)

Best Defense: Ensure web forms are secure. Safeguard POS terminals by using EMV or other methods that utilize one-time transaction codes. Limit the personal information of your customers in any reward or points programs – they are often targeted.

Educational Services – 382 Reported Data Incidents / 99 Breaches with Confirmed Data Loss

• Top 3 Attack Patterns – Web Application Attacks, Miscellaneous Errors

• Threat Actors – External (57%), Internal (45%), Multiple Parties

• Motives – Financial (97%), Espionage (2%), Fun (4%), Grudge (2%), Ideology (2%)

• Compromised Data – Personal (55%), Credentials (53%), Internal (35%)

Best Defense: Ensure a strong baseline level of security around internet facing assets. Use 2FA – especially with web-based email accounts. Implement security awareness training to help protect student and faculty PII.

Manufacturing – 352 Reported Incidents / 87 Breaches with Confirmed Data Loss

• Top 3 Attack Patterns – Web Application Attacks, Privilege Misuse, Cyber-Espionage

• Threat Actors – External (75%), Internal (30%), Multiple Parties (6%), Partners (1%)

• Motives – Financial (68%), Espionage (27%), Grudge (3%), Fun (4%)

• Compromised Data – Credentials (49%), Internal (41%), Secrets (36%)

Best Defense: Deploy multi-factor authentication on all systems that support it. Implement security training to help employees recognize phishing attempts and pretexting attacks and understand the importance of good password hygiene.

Awareness Is Key

For small business owners, the threats are real and attacks are constantly evolving, driven by a host of motivations. Cybercriminals prey upon our social nature, human error, complacency and the technical vulnerabilities of industries large and small. Their success can be limited with awareness, education and adaptive defenses.