Most cyber attacks are simple and predictable, relying on basic tactics and preventable employee errors, according to Verizon’s annual Data Breach Investigations Report. The problem is made worse by the fact that companies often take months or even years to detect such breaches.
Verizon’s annual report used data from 19 agencies worldwide, including law enforcement, and analysed 47,000 incidents including 621 confirmed data breaches. The report observed an increased in state-sponsored espionage - but its overall picture is of opportunistic, low-tech attacks, motivated by money.
Attackers rely on tried-and-tested techniques - often relatively low-tech - rather than trialling new approaches, says Verizon. They are aided by the fact that companies take a long time to respond to such attacks - with 62% taking months to respond, and 4% taking “years”.
“In the six years we’ve been publishing the DBIR, our data has been dominated by well-known techniques, used against the same sort of assets, again and again,” the report says. “This year is no exception.”
Around 10% of attacks were so basic that any computer-literate person could have done them, says Verizon - and in total 78% of breaches relied on methods described as “basic”, according to the VERIS difficulty scale. Criminals are often aided by a familiar mixture of weak credentials and staff errors, said Verizon.
“Many breaches involve an unintentional element,” the report said. “Taking information home, copying data onto a USB drive, attaching the wrong file to an email or sending it to the wrong person, or leaving a laptop in a cab can all lead to a data breach.”
More than three-quarters (76%) of network intrusions relied on weak or stolen credentials - a risk that Verizon describes as “easily preventable”.
Nearly a fifth (19%) of attacks were thought to be by state-sponsored actors. “The majority of financially motivated incidents we looked at originated in the U.S. or Eastern Europe — particularly Romania, Bulgaria and the Russian Federation," said the report. "Espionage cases were predominately attributable to East Asia. But the attacks that we studied happened to companies all around the world. Geographic borders are no protection against cyber attacks.”