2016 Verizon Data Breach Investigations Report: 10 Security Trends Solution Providers Need To Know

Danger Ahead

The annual bellwether report of the security industry -- the Verizon Data Breach Investigations Report -- found that in 2015, not surprisingly, many of the same security threats arose as in years past. For the 2016 report, Verizon pulled data from most major security vendors and found that hackers still chose to target companies primarily for financial gains, relied on tried-and-true hacking methods like phishing, and attacked businesses with even greater frequency than before. There were also signs of rising trends in threats to security, such as ransomware and nation-state attacks.

With all of those threats, said Dave Ostertag, global investigative manager, Verizon Enterprise Solutions, there is a vital role partners can play in getting their clients' security up to speed and preparing them to respond in the event of an attack. Take a look at 10 trends from 2015 that partners need to know to help take better care of their clients in the year to come.

Shifting Attack Motivations

Attackers have typically gone after companies largely for financial gains. That tendency was no different this past year, the report found, accounting for more than three-fourths of all breaches. But even given that typical motivation, Ostertag said, partners shouldn't discount the continued threats of nation-state attacks and espionage, despite the drop in the percentage of attacks being driven by those motivations. The report also noted a high prominence of so-called secondary attacks, in which the goal of compromise is to get information needed for a subsequent attack. This category would largely "overshadow" all other motivations, the report said, so it is not included in its percentage breakdown of what information hackers are targeting.


As in previous years, phishing attacks continued to be one of the most popular attack vectors, the report found, with 9,576 total incidents throughout the year. The majority of these phishing cases were for the purpose of installing persistent malware, the report said.

"We see the bad guys shift according to what works and industries that are targeted, but a lot of the basic methodologies stay the same," Ostertag said.

Ransomware On The Rise

Over the past few months, ransomware attacks on hospitals have gained high-profile media attention. The Verizon Data Breach Report found that the rise in ransomware is more than just a headline grabber, with the biggest jump in incidents of crimeware to 148 incidents, second only to command and control attacks. While medical offices and health-care providers have seen multiple incidents in recent months, Ostertag said it is important to note that ransomware is hitting industries of all types.

"We're seeing it across the board," Ostertag said, adding that the rise of ransomware in businesses of all types highlights the need for data backups.

The Internet Of Things

While the Internet of Things gets lots of hype as a security threat, the report said there still is not "significant real-world data on these technologies as the vector of attack on organizations."

"We haven’t seen it be a factor at all. It’s not there yet," Ostertag said. Even so, Ostertag said, the fact that it isn't a factor yet doesn't mean the Internet of Things doesn't pose a possible threat down the road.

Malware Automation

In years past, Ostertag said, hackers would manually attack a network to steal credentials or force their way into the network. Now, he said, hackers are using more malware to do all of these tasks. Beyond making life easier for the attackers, Ostertag said, this new push allows hackers to better "hide in the weeds" of the network without detection. The detection deficit -- the amount of time between compromise and detection -- continues to grow, the report found, reversing a hopeful course forged in 2015 as the deficit began to close.

Targeting Credential Theft

Credential theft is involved in 63 percent of confirmed data breaches, the report found, citing 1,474 incidents as examples. The good news is that credential theft is "just about the most inexpensive thing you can do something about and add protections there," Ostertag said. He said partners can help their clients make sure admin passwords are changed from their defaults and help them implement secure credentials using best policies. The report, in particular, recommended implementing multi-factor authentication solutions to help combat credential theft.

Insider Threat Remains Strong

As in years past, the human factor remains a strong threat to a business' security. Insider threats are also "among the most difficult to detect," resulting in 49 percent of incidents taking months to discover and 21 percent taking years.

"We continue to see a very clear pattern of people being the weak link," Ostertag said.

The report recommended monitoring employees for unusual activity and restricting access to critical data and functions when not necessary.

Point-Of-Sale Attacks Continue

Point-of-sale attacks continued in 2015. What was different last year was that attacks shifted from retail organizations to multiple large hotel chains, targeting the companies' gift shops and retail locations, the report said. Some examples of that include Starwood Hotels & Resorts Worldwide in November and the Hilton Hotel chain in September. In particular, the report found that command and control attacks were on the rise in 2015, with RAM scraping and keylogging malware also holding a significant role throughout the year.

"It should be no surprise to anyone that this pattern is alive and well in the 2015 dataset. There are still folks out there seeking to get paid and looking to stolen payment card data as the means to meet their greedy objectives," the report said. The report recommended implementing two-factor authentication, for both the POS system and the vendors tied to it.

Industries Of All Types

In 2015, businesses of all types were hit by breaches. The public sector was hit by far the hardest, with 47,237 incidents out of a total 64,199. Next up were entertainment (2,707), finance (1,368) and information (1,028). The majority of those breaches hit large organizations, accounting for 74 percent of the incidents reported.

Partners Can Help

While the number of breaches in 2015 might be discouraging, Ostertag said there is something partners can do to help. He recommended that partners talk to their clients about prioritizing assets they need secured, particular to their own business, rather than trying to "boil the ocean" and secure everything. Beyond that, Ostertag said, a little security can go a long way, and partners can help make big changes by taking small steps, such as improving passwords to prevent credential theft, which accounted for about two-thirds of reported breaches. He also said partners should help clients develop a plan in case their organization does get breached, including incident responders, lawyers, public relations and more.