Overview#

Verizon Data Breach Investigations Report (DBIR) is published by Verizon and is an unparalleled insight into cybersecurity threats and considered by many to be the most authoritative, data-driven cybersecurity report[1]

The latest version we looked at showed a study of 65 organizations that:

• 66% of malware has been installed via malicious Software email attachments.
• 73% of the cybersecurity scams were financially motivated
• 62% involved an Active attacker
• 51% included malware
• 81% of the Attack breaches utilized stolen or weak passwords
• 61% Of the data Breach victims are firms with less than 1,000 employees
• 95% of the phishing breaches followed "some of software installation"
• 75% were perpetrated by outside Attackers
• 25% were perpetrated by internal Attacker
• 18% involved Government-affiliated Attackers
• 27% of the breaches were discovered by third parties

Verizon Data Breach Investigations Report (2017) offers up a few security recommendations to help protect web applications, including:

• Limit the amount of personal data and site credentials stored on web apps or backend databases to the minimum required to run operations, and encrypt the rest
• Use a Multi-Factor Authentication into web applications that would require completely different attack pattern to compromise than passwords
• Patch your content management systems (CMS) and plugins, and make sure you get notified of out-of-cycle patches

More Information#

There might be more information for this subject on one of the following:

• DBIR
• How To Crack SSL-TLS
• Password Anti-Pattern
• Phishing
• Verizon
• Why OpenID Connect

---

• [#1] - Verizon Data Breach Investigations Report (DBIR) - based on information obtained 2017-05-10-