The annual Verizon Data Breach Report has become a reliable and consistent source of cybersecurity attack trends over the past several years. Verizon has just released this year’s report with the largest number of contributing organizations ever.  Here is OODA’s hot take:

70% of breaches were caused by outsiders

Despite many organizations perceiving insiders as their largest threat, external attackers are still the primary source of breaches.

86% of breaches were financially motivated

Financial gain remains the key objective for a large majority of breaches calling attention to the financial services sector as a target as well as business process and financial systems in other companies.

43% of breaches were attacks on web applications

This number doubled over last year and is indicative of a transition to the cloud and will only increase in a Covid-19 work from home environment. “The most common methods of attacking web apps are using stolen or brute-forced credentials (over 80%) or exploiting vulnerabilities (less than 20%) in the web application to gain access to sensitive information.”

Ransomware now accounts for 27% of all Malware incidents

The increased use of ransomware aligns with the financial motivations of the attackers. Additionally 18% of respondents reported blocking a ransomware attack.

Three types of attacks accounted for a majority of breaches

Attackers have not needed to innovate in their tactics given that credential theft, social attacks (phishing and business email compromise) and errors generate 67% of all breaches. “For most organizations, these three tactics should be the focus of the bulk of security efforts.”

Every cybersecurity practitioner and leader should familiarize themselves with the data in this report and these OODA resources.

• Verizon Data Breach Report
• Deception Needs to be an Essential Element of Your Cyber Defense Strategy
• Essential Management Strategies for Cybersecurity
• Email – The Often Overlooked Cybersecurity Risk
• Cyber Sensemaking:
• 11 Habits of Highly Effective CISOs
• The Executive’s Guide to Cyber Insurance
•  OODA Releases a Traveling Executive’s Guide to Cybersecurity
•  OODA Special Report on Best Practices for Agile Cybersecurity.