Verizon recently released a report that showed a majority of data security breaches that occurred last year were accomplished using weak or stolen credentials, a risk the company said is “easily preventable.”
“If you want to see how widely available hacking tools have become, do a web search for ‘password cracker,’” the report, which covered over 47,000 reported security incidents and 621 confirmed data breaches, said. “And in today’s hyperconnected world it’s highly likely that more sophisticated tools and techniques—like those used in espionage attacks—will quickly spread too.”
According to the report, 75 percent of attacks are opportunistic rather than targeted attacks, and most are financially motivated. A majority of financially motivated security breaches last year originated in the U.S. and Eastern Europe, particularly in Romania, Bulgaria and Russia.
The report showed a large percentage of attacks were not completed using sophisticated tactics—78 percent of the tactics used in data breaches last year were rated as “low” or “very low” on the VERIS difficulty scale for initial compromise.
Additionally, Verizon said a “worrying nine percent” of breaches were identified by consumers, and over half of internal breaches were spotted by end users, not the company’s IT team.
“Focusing on improving processes and giving staff better awareness training could reap huge rewards, cutting the time taken to spot breaches and even preventing many from happening in the first place,” the report said.
The report recommended that firms allocate more time and resources to detection and remediation of security breaches, as well as prevent cyberattacks from becoming data breaches.
“Disclosure laws mean that you can’t keep quiet about a breach while you deal with the fallout,” the report said. “As well as trying to avoid being hacked in the first place, organizations need to be able to spot compromises quickly and minimize the amount of data lost.”