Dying to read 70+ pages? I think not. So we did it for you. Here’s the good, the bad, the ugly, and the insightful.
75% of breaches are perpetrated by outsiders
And over half of these are criminals. These guys are taking hacking seriously; shouldn’t you?
25% involve your own (employees)
Does your Managed Security provider monitor internal traffic? If not, bag ‘em.
43% leveraged social engineering
Educate your people. And then repeat, repeat, repeat.
51% involved malware
1 in 14 users click/open, with ransomware being the 5th most common form out there, and the Healthcare and Financial verticals being the #2 and #3 most targeted industries.
61% of breaches were at companies with fewer than 1,000 employees
Size doesn’t matter. Just because you’re smaller, fly under the radar, or don’t have a website doesn’t mean you’re not a target.
81% of hacks exploited stolen/weak passwords
For the love of god, #LastPass it.
In other news…
Finance is the industry most likely to get breached, but don’t take it personally; 73% of breaches were financially motivated, so this makes sense. Follow the money…
Homecoming Queen (almost)
The Financial vertical was also voted 1st runner-up to fall victim to insider misuse, which is even worse than it sounds because these types of breaches are more likely to take months and years to detect, rather than weeks.
…are your friends. Employees reporting something phishy is the most common internal discovery method. Specifically, 1 in 5 employees report incidents, which begs the question…how educated are your people?
…are the Navy SEALs of CISOs, dealing with a multitude of medical records, stored electronically (in centralized databases and on laptops) and on paper, which contain personal information (name, address, social security number), all of which needs to be accessible quickly for patient care. Let’s not get started on the disclosure requirements for the industry or the fact that healthcare ransomware campaigns get the most publicity. Time to ask for a raise.
While Finance suffers from insider misuse as well (see above), Healthcare is the only industry where employees are actually your greatest threat, above all else. If that’s not a cry for the principle of least privilege, I don’t know what is. Besides checking up on them, use warning banners that make it clear monitoring is taking place…like a traffic speed camera, but for your data.
Misdelivery? Really? Yep. Misdelivery of information, electronic or paper, is extremely common within Healthcare…but you knew that already.
And that’s a wrap for Verizon’s staple report; until we meet again next year.
We’ve got you covered.