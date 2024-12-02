Ransomware was found in 39% of malware-related data breaches – double that of 2017 DBIR – and accounts for over 700 incidents, according to the report. The human factor continues to be a key weakness as employees are still falling victim to social attacks. Financial pretexting and phishing represent 98% of social incidents and 93% of all breaches investigated – with email continuing to be the main entry point (96% of cases). Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasizing the need for ongoing employee cybersecurity education.

Other major findings include:

Financial pretexting targets HR: Pretexting incidents have increased over five times since the 2017 DBIR, with 170 incidents analyzed in 2018 (compared to just 61 incidents in the 2017 DBIR). 88 of these incidents specifically targeted HR staff to obtain personal data for the filing of file fraudulent tax returns.

Phishing attacks cannot be ignored: While on average 78% of people did not fail a phishing test in 2017, 4% of people do for any given phishing campaign. A cybercriminal only needs one victim to get access into an organization.

DDoS attacks are everywhere: DDoS attacks can impact anyone and are often used as camouflage, often being started, stopped and restarted to hide other breaches in progress.

Most attackers are outsiders: One breach can have multiple attackers and the study found the following: 72% of attacks were perpetrated by outsiders, 27% involved internal actors, 2% involved partners and 2% feature multiple partners. Organized crime groups still account for 50% of the attacks analyzed.

The Verizon 2018 Data Breach Investigations Report leverages collective data from 67 organizations across the world and the 2018 edition includes analysis on 53,000 incidents and 2,216 breaches from 65 countries.