Overview
The Verizon Data Breach Investigations Report (DBIR) is published by Verizon. It offers unparalleled insight into cybersecurity threats and is considered by many to be the most authoritative, data-driven cybersecurity report[1]. The latest version we looked at, a study of 65 organizations, showed that:
- 66% of malware was installed via malicious email attachments
- 73% of the cybersecurity scams were financially motivated
- 62% involved an active attacker
- 51% included malware
- 81% of the attack breaches utilized stolen or weak passwords
- 61% of the data breach victims are firms with fewer than 1,000 employees
- 95% of the phishing breaches followed "some form of software installation"
- 75% were perpetrated by outside attackers
- 25% were perpetrated by internal attackers
- 18% involved government-affiliated attackers
- 27% of the breaches were discovered by third parties
The Verizon Data Breach Investigations Report (2017) offers a few security recommendations to help protect web applications, including:
- Limit the amount of personal data and site credentials stored on web apps or backend databases to the minimum required to run operations, and encrypt the rest
- Use multi-factor authentication for web applications, which would require a completely different attack pattern to compromise than passwords
- Patch your content management systems (CMS) and plugins, and make sure you get notified of out-of-cycle patches
More Information
There might be more information for this subject on one of the following:
- [#1] - Verizon Data Breach Investigations Report (DBIR) - based on information obtained 2017-05-10