Close this search box.

Top Takeaways from 2018 Verizon Data Breach Investigation [Report]

If you think your business is too small to be a security target, take heed: More than 58% of security breaches happened to small businesses this past year. Here’s what you need to know to avoid becoming the next statistic.

As the number of threats and security breaches continue to grow, protecting your business from a cyberattack takes a conscientious and sustained effort. Cybercriminals are expanding their forces and the assaults are becoming more sophisticated every day. If you aren’t fully engaged in your cyber security efforts you could be vulnerable. Do you know the biggest threats to your cybersecurity and how to fight them? The “2018 Verizon Data Breach Investigation Report (DBIR)” has the answers.

From 2017 to 2018: What Has Changed in the Security Landscape?

Verizon’s report is based on research compiled using over 53,000 cybersecurity incidents and over 2,300 data breaches from 65 countries. It seeks to find correlations across incidents, including attack methods that we’re aware of, like malware and social engineering, and new threats that are emerging. In this year’s report, 24% of victims were healthcare organizations, a 9% increase from last year’s percentage of 15%. A whopping 58% of all victims were categorized as small businesses this year, perhaps one of the most notable changes in the landscape.

Who’s Behind the Breaches – Verizon Breach Report Page 5

Although the largest source of breaches continues to come from outsiders, the percentage decreased to 73% compared to last year’s 75%. Hackers have heavily been using pretexting — a form of social engineering in which an individual lies to obtain privileged data — to target HR departments, with more than 170 incidents this year (a five-time increase since 2017). Hacking remains the most popular form for data breaches yet again.

For the first time ever, the report introduced industry-specific data. The top five industries suffering the most breaches are healthcare, accommodation, public, retail, and finance.

It is critical that organizations, whether large or small, shift their focus to protecting all aspects of business, from the top to the bottom. This includes focusing on outside threats as well as inside threats, protecting employees from engaging in phishing and hacking scams through email and placing emphasis on the importance of HR protecting private information.

Motives Behind the Attacks

Cyber criminals can have many motivations, but most of them fall into two categories. Financial gain is the primary motivation behind data breaches and cybercrime, and the second is espionage for insider secrets. Combined, these motives comprise 90% of the breaches investigated, and not surprisingly, attacker’s motivations shape the method used. For instance, organized crime groups who have financial motivations will often use stolen credentials or a keylogger to hack a web application or gain backdoor network access.


Most of the tactics were found to be hacking tactics, followed by malware. However, there should also be a focus on social hacking such as impersonation of an individual or a group attempting to receive pertinent information or credentials. Following social hacking is human error, physical hacking and misuse of information.

Percentage of Breaches per Threat Action Category – Verizon Breach Report Page 7

Leading Threat Actions and Patterns

The DBIR includes top threat actions experienced by organizations that underwent a data breach; these threat actions show us which issues to watch out for in the future. The leading threat actions, ranked from most common to least common:

  • Use of stolen credentials
  • RAM scraper or malware
  • Phishing (social engineering)
  • Privilege abuse (misuse)
  • Misdelivery (error)
  • Use of backdoor or C2 (hacking)
  • Physical theft
  • C2 (malware)
  • Backdoor (malware)
  • Pretexting (social engineering)

When it comes to malware, 92% of those attacks came from an email source with an attachment. Over 43,000 breaches involved the use of customer credentials stolen from botnet clients. Botnets can affect you in two ways: With the first method, users download the bot, it steals their credentials, and then uses them to log in to your systems without you ever knowing. In the second scenario, compromised hosts within your network act as foot soldiers in a botnet.

According to Verizon, “We have seven categories of threat actions that we track in our incidents. The last year has seen a decrease in malware and hacking. Phishing individuals (social) and installing keyloggers (malware) to steal credentials (hacking) is still a common path even after sub setting the botnet breaches from the rest of the data.”

Threats and Vulnerabilities by Industry

Healthcare organizations suffered more breaches than any other industry, comprising 24% of all incidents. The biggest threat to healthcare organizations is ransomware, which accounts for 85% of all breaches that involve malware. User devices were by far the most common entry point for ransomware incidents.

Asset categories within Ransomware incidents – Verizon Breach Report Page 14

As for educational organizations, W2 scams are the most prevalent, which involve criminals posing as those needing information for W2 forms. In fact, 44% of education breaches involved stolen credentials and the use of backdoors into data.

Payment card skimmers are still a prevalent threat for the financial services sector. Trojans that involve banking or denial of service attacks are also big threats to the financial services industry, still the leading cause of data breaches for these institutions.

Information, Retail, Finance, and Education all experienced high instances of distributed denial of service (DDoS) attacks. These industries rely heavily on a web presence to operate and to communicate with customers.

Only six contributors sent their vulnerability-scanning data for examination. However, that limited information did reveal insights regarding industry patch cycles. For example, Information, Manufacturing, Healthcare, Accommodation, and Retail all fixed between 25 to 50% of vulnerabilities within a week. On the other hand, Public, Finance, and Education took longer patch issues, and sometimes, only fixed a fraction of the flaws.

What Can Your Business Do to Prepare?

If you haven’t already, it is critical that your organization begins to improve its security posture, especially if you’re in a highly targeted sector that manages sensitive data.

Managed security services. If you’re one of the many small businesses who doesn’t have the resources, knowledge, or time to tackle security on your own, outsource it to the experts and focus on what you do best. You’ll benefit from employing certified specialists using the latest technology to monitor, detect, and protect your assets, plus assistance responding to a breach if an incident does occur.

  • Use a security information and event management (SIEM) services to gain the utmost visibility into the health of your environment. You’ll be able to aggregate data across your infrastructure in real-time to monitor logs, user activity, receive alerts from suspicious activity and respond to incidents quickly.
  • Implement multiple authentication and VPNs. Use two-factor authentication and virtual private networks (VPNs) to remain secure when accessing your network from remote locations. This extra step will prevent bot-related incidents that look for broad vulnerabilities.

You can’t dispute the data and insights from “The 2018 Verizon Data Breach Investigation Report.” Have you conducted a vulnerability assessment lately? If you’d like to learn more about managed security services or have questions based on the findings you see here, reach out to us for a security evaluation, and we’ll discuss how you can improve your security posture. All of our security services start with a discussion about best practices and your goals. Contact an OnRamp security specialist today to get started.

Additional Resources on This Topic:
2018 Threat Report: Tech Trends and Key Takeaways
How to Prevent Third Party Security Risks


Share Article