Verizon recently released its 2019 Data Breach Investigations Report, an analysis of over 40,000 security incidents that provides an overview of the changing threat landscape and the actors, actions and assets most commonly present in breaches.
Companies must understand these trends so they can ensure they are protected from the threats that most commonly impact their industry, in addition to being compliant with data privacy regulations. With recent research by PCI Pal finding that 83 percent of US consumers would avoid shopping at a business for several months following a breach, and 21 percent reporting they would never return to a brand following a breach, keeping a finger on the pulse of the changing security landscape is more important than ever. With this in mind, PCI Pal pulled eight key trends from Verizon’s report for all businesses to keep in mind.
- 34 percent of all attacks involved internal actors, and 15 percent of security incidents were a result of misuse by authorised users, underscoring the importance of tightening up security policies and processes to reduce the potential for malicious and/or negligent insider action and human error wherever possible. For businesses operating contact centres that process payments, it’ll be important to leverage de-scoping and DTMF technologies to ensure that sensitive data never enters the enterprise – removing the potential for data to be stolen.
- Certain industries are more prone to specific types of attacks. 16 percent of all breaches were of public sector entities, with cyber-espionage, miscellaneous errors and privilege misuse representing 72 percent of these. Another 10 percent were of the financial industry, where web applications, privilege misuse and miscellaneous errors represented a majority of breaches.
- While card-present breaches involving POS compromises continue to decline, attacks against e-commerce web applications are on the rise. Verizon attributes the decline of physical terminal compromises to the implementation of chip and PIN payment technology.
- Ransomware attacks remain a huge threat, accounting for nearly 24 percent of incidents where malware was used. Verizon notes that media coverage of ransomware attacks has decreased because they have become so commonplace, but they are still a huge threat that all industries need to be aware of.
- C-level executives are 12x more likely to be the target of social incidents and 9x more likely to be the target of social breaches than in past years.
- Attacks on HR professionals have decreased, with 6x fewer HR personnel impacted than last year.
- As more companies transition to the cloud, there has been an increase in the hacking of cloud-based email servers using stolen credentials.
- Click-through rates on phishing simulations for data partners have decreased over the last seven years from 24 percent to just 3 percent, but 18 percent of people who clicked on testing links did so on mobile devices, highlighting the importance of mobile security.
There are a few steps companies can take to reduce these threats, including running regular security audits, keeping security software up to date, leveraging DTMF technology and requiring strong authentication for customers and internal employees. The most important, though, is to stop storing sensitive data in the first place so there isn’t anything for internal or external actors to steal.
Certified to the highest level of security and recognised by the CNP 2019 Awards as Best PCI Compliance Provider for the third consecutive year, PCI Pal provides reliable and effective secure payment solutions to safeguard the reputation of brands that engage with customers by phone.