2016 offered up some conflicting trends in cyber events according to this year’s Verizon Data Breach Investigations Report (DBIR), but one thing is clear – issues like ransomware, outside hackers, and social engineering aren’t going away any time soon.
“It is true that the DBIR will never be blank as—choose your cliché—‘there is no such thing as 100 percent secure’ or ’perfection is the enemy of good enough.’ It is also true that due to the nature of the report we admittedly have a lack of success stories. After all, this is at its core a report about confirmed data breaches,” wrote the authors of Verizon’s annual DBIR. The report included not only confirmed breaches but other cyber incidents, as well as a breakdown of incidents by industry.
Data appeared to suggest a rise in internally-driven cyber incidents and cyber espionage, however, Verizon commented that it would “not be making any proclamations about internal threats on the rise and would not bet the farm that this line will continue to trend upward.” Absolute numbers showed that the reason for the rise in internal threats was a drop in two specific types of external threats: password-stealing botnets and point-of-sale incidents, which Verizon noted have “gone back to being primarily a small business problem” after major retailer breaches a few years ago.
Payment card skimming remains a problem, Verizon noted, commenting, “This year we saw one particular shift from previous years that is worthy of remark. The number of incidents involving gas pump terminals increased over three-fold from last year, while at the same time, there was approximately a 25 percent decrease from last year in the number of incidents with ATMs as the affected asset.”