2 key takeaways from the 2019 Verizon DBIR

Security professionals always look forward to Verizon’s analysis of the past year’s data breach activity. The 2019 Data Breach Investigations Report (DBIR) doesn’t disappoint. It details more than 41,000 security incidents from 86 countries, including over 2,000 confirmed breaches. Data was provided by 73 contributors, including — for the first time ever — the FBI.

While several key takeaways are highlighted in the 78-page report, two caught our attention.

Detection deficit

The first is what some experts call the “detection deficit” — the gap between compromise and detection.

While hackers often breach networks in minutes, according to the report, 56% of data breaches took months to discover. Without closing this gap, security teams cannot be effective.

Organizations often spend too much time and money focusing on prevention, and not enough on detection and response. Making matters worse, security engineers are hard to come by. Nearly 75% of organizations surveyed by the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) report being impacted by the shortage of cybersecurity skills, and there is no end in sight. There will be 3.5 million cybersecurity job openings by 2021.

Understaffed, under-skilled, and overworked security teams are ignoring alerts that should be investigated because they simply can’t keep up. This makes it hard to streamline operations and decrease the time it takes to detect and remediate security incidents.

Additionally, trends such as mobility, IoT, cloud, and digital transformation have left traditional controls such as security information and event management (SIEM) unable to provide a complete picture of an ongoing threat or attack. SIEM solutions have been at the heart of security operations for years; they’re great at aggregating data from disparate systems. But legacy platforms fall short in detecting unknown attacks, analyzing large volumes of dynamic threat data, and providing insight into network and user behavior.

Adding technologies like user and entity behavior analytics (UEBA), security automation and orchestration, and threat intelligence to traditional SIEM deployments can enhance your security team’s investigative capabilities and help them quickly analyze, prioritize, and respond to threats.

Weak link in the C-suite

The second theme that stood out is the dramatic increase in attacks on the C-suite.

According to the DBIR, C-level executives were 12 times more likely to be the target of social incidents and nine times more likely to be the target of social breaches than in years past. Both security incidents and data breaches that compromised executives rose from single digits to dozens in the report.

Humans are the weakest link in any cybersecurity strategy, and the elevated privileges executives enjoy make them high-value targets. They tend to have numerous requests and opportunities coming across their desks that they have to deal with quickly. Hackers are counting on this, hoping executives will fail to give emails the right level of scrutiny, leaving themselves open to phishing attacks.

Promoting security awareness at all levels of the organization is critical. Continuously educate your employees about best practices and the latest threats. Emphasize the need for caution when receiving unsolicited or suspicious emails.

Make sure you have strong corporate policies regulating bring-your-own-device programs, including applications, cloud resources, and IoT devices, and that those policies apply to every employee, no matter their role or leadership level.

Additionally, assess the security posture of your executives. It is important not to leave the C-suite out of scope during vulnerability assessments and penetration testing exercises.

No one is immune

The executive summary of the DBIR points out, “No organization is too large or too small to fall victim to a data breach. No industry vertical is immune to attack. Regardless of the type or amount of your organization’s data, there is someone out there who is trying to steal it.”

Vendor-independent professional assessments can help you evaluate the current state of your cybersecurity capabilities and develop an actionable roadmap for maturing your organization’s overall security posture and protecting your brand.

You can find additional DBIR results and analysis on Verizon’s website.

To learn more about security best practices, contact your SHI account executive.

Anne Grahn contributed to this post.