1. People are still the most vulnerable asset in the organization:
a. 1 in 14 users were tricked into opening an attachment or following a link
b. 80% of hacking-related breaches leveraged either stolen and/or weak passwords
2. Phishing continues to be a prominent way for attackers to establish a foothold.
a. 66% of malware was installed via malicious email attachments.
3. The disparity between time-to-compromise and time-to-discovery is still very large.
a. Most compromises happen within minutes while most discoveries happen within weeks or months
4. Ransomware is becoming more popular and more sophisticated.
a. The most fundamental shift was targeting organizations as a whole instead of individual consumer computers
b. In the 2014 DBIR, it was the 22nd most common form of malware
c. In today’s DBIR, it is the 5th most common
5. The majority of breaches are financially motivated, but espionage-related attacks are on the rise.
Final thoughts: The great Bruce Schneier was said: “Only amateurs attack machines; professionals target people.” That certainly seems to be the case for this year’s DBIR. Humans have natural flaws that can be easily exploited, and attackers prey on this fault better than anybody.
It makes sense, too. Why would attackers spend lots of time and money to find vulnerabilities and software holes when they can craft up a convincing email that costs them nothing?
Exploiting human flaws will continue to be the preferred method for entry into an organization—it’s cheap and it works. It’s hard to change human behavior and stop these phishing attacks from being successful. So for that reason, a robust detection and containment technology must be in place as a second line of defense.