Despite advances in cyber-detection and against the backdrop of a greater reliance on digital technology for life and work, we are still seeing the same security failures plague the cybersecurity industry. Put simply – many organizations are still not implementing comprehensive security strategies. Why is this?
Organizations are still being influenced by the myths that surround cybercrime. Often under the misunderstanding that their security strategies of previous years are sufficient for today’s cyber threats or that they can’t possibly be a target. However, if there is critical data of value available then cyber-criminals are interested and make it their mission to obtain it. At the end of the day, nobody is immune to cybercrime and the longer it takes for an organization to discover a breach, the more time attackers have to penetrate its defenses and cause damage.
Our 2016 Data Breach Investigation Report, once again demonstrates that there is no such thing as an impenetrable system.
Let’s dispel the common cyber-myths once and for all:
Myth #1 – Hackers always carefully select a target and then hit them with a zero-day attack.
Truth — Most attacks are opportunistic, indiscriminate and exploit known vulnerabilities. The top 10 vulnerabilities account for 85% of successful exploit traffic. And the remaining 15% consists of over 900 Common Vulnerabilities and Exposures (CVEs).
Myth #2 — Attackers are fast. But the good guys are catching up.
Truth — The gap between compromise and detection is widening. In 93% of breaches attackers take minutes or less to compromise systems. But four out of five victims don’t realize they’ve been attacked for weeks or longer. And in 7% of cases, the breach goes undiscovered for more than a year.
Myth #3 — Passwords prove the identity of authorized users.
Truth — 63% of confirmed data breaches leverage a weak, default or stolen password.
Myth #4 — Phishing emails are easy to identify and ignore.
Truth — Phishing is on the rise. 30% of phishing emails are opened. And about 12% of targets go on to click the link or attachment.
Myth #5 — Cyber-espionage attacks are widespread and increasing.
Truth — Money remains the main motive for attacks. 80% of analyzed breaches had a financial motive.
Myth #6 — It’s all too complicated. The bad guys have won.
Truth — 95% of breaches fit into just nine attack patterns. If they are understood then organizations can make the right investments and protect their data more effectively.
Sometimes the truth hurts but the facts don’t lie.
Many businesses that fall victim to cyber-attacks don’t have basic security practices in place such as identifying their most critical assets and data, or implementing stronger controls to manage risk. Overlooking the most basic steps can lead to disaster. Awareness is the first and best line of defense against cyber-criminals, and it is a lack of this basic awareness in some organizations that is ensuring the repeated success of the cybercriminal.
For more information about the 2016 DBIR, visit: http://news.verizonenterprise.com/2016/04/2016-data-breach-report-info/.