Start with Cybersecurity Basics: Confirmed by Verizon’s 2016 Data Breach Report

Verizon released its 2016 Data Breach Investigations Report and it confirms what many of us have been saying for a while: start by focusing on the basics of cybersecurity!

1 Step to Improve Your Company’s Cybersecurity Today

Low Hanging Fruit Can Make a Pretty Good Cybersecurity Pie

Making this point, a few days ago I wrote “The problem is, while many businesses are victimized by the super sophisticated ‘unprecedented’ exotic (real) hacking attacks, they are in the minority. The vast majority of the cybersecurity incidents companies experience are because of much simpler things like lost USB drives, stolen laptops, or highly-effective phishing scams.” (post)

Here are a few excerpts of the Verizon Report that confirm that businesses that spend their resources addressing the basics will be focusing on a significant part of the cybersecurity problem:

  • “Phishing has continued to trend upward … and is found in the most opportunistic attacks as well as the sophisticated nation-state tomfoolery.” (p. 12)
  • “The majority of phishing cases feature phishing as a means to install persistent malware.” (p. 21)
  • “63% of confirmed data breaches involved weak, default or stolen passwords.” (p. 24)
  • “The most common error of losing stuff is so common, it was deemed worthy of its own pattern.” (p. 44)
  • “In this year’s data, an asset is lost over 100 times more frequently than it is stolen.” (p. 48)

This should not be construed as an argument for disregarding other forms of defenses — including the really sophisticated stuff — because they are all needed. The Verizon Report establishes those points as well. The problem is, many businesses seem to focus so much on the really sophisticated aspect that they forget about the basics. They need both — but for many, the basics are more practical and easily obtainable, and for those businesses, they are a great place to start.

______________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Published by Shawn E. Tuma

Shawn Tuma is an attorney who is internationally recognized in cybersecurity, computer fraud and data privacy law, areas in which he has practiced for nearly two decades. He is a Partner at Spencer Fane, LLP where he regularly serves as outside cybersecurity and privacy counsel to a wide range of companies from small to midsized businesses to Fortune 100 enterprises. You can reach Shawn by telephone at 972.324.0317 or email him at stuma@spencerfane.com.
