The Single Most Important Thing from the 2018 Verizon Data Breach Report

Verizon has released its 2018 Data Breach Investigation Report (DBIR), which includes pages upon pages of analysis, reports, and graphs depicting cybersecurity trends for the past year.

So, what’s the one most important thing that we can take from the report that…

  • shows what tactics attackers are likely to use,
  • should encourage executives to support much-needed security initiatives, and
  • illustrates the importance of security?

It’s this chart: Most important chart in the 2018 DBIR

Less than half of the breaches featured hacking? So more than half of breaches featured something other than hacking!

It’s common to think of cybersecurity as purely the defense against hackers, but there’s so much more to a comprehensive security program. Over half of the breaches that occurred last year instead featured:

  • Misuse of privileges or data mishandling
  • Errors like misconfiguration, misdelivery of data, publishing errors, or losses
  • Social attacks like phishing or pretexting
  • Malware, whether simple or advanced
  • Physical attack vectors like credit card skimmers or just outright theft

Don’t forget to build these other attack vectors into your threat model, and weight them appropriately too. They might make up more than half of your model these days!