Verizon released its 2016 Data Breach Investigations Report and it confirms what many of us have been saying for a while: start by focusing on the basics of cybersecurity!
Making this point, a few days ago I wrote “The problem is, while many businesses are victimized by the super sophisticated “unprecedented” exotic (real) hacking attacks, they are in the minority. The vast majority of the cybersecurity incidents companies experience are because of much simpler things like lost USB drives, stolen laptops, or highly-effective phishing scams.” (post)
Here are a few excerpts of the Verizon Report that confirm that businesses that spend their resources addressing the basics will be focusing on a significant part of the cybersecurity problem:
- “Phishing has continued to trend upward … and is found in the most opportunistic attacks as well as the sophisticated nation-state tomfoolery.” (p. 12)
- “The majority of phishing cases feature phishing as a means to install persistent malware.” (p. 21)
- “63% of confirmed data breaches involved weak, default or stolen passwords.” (p. 24)
- “The most common error of losing stuff is so common, it was deemed worthy of its own pattern.” (p. 44)
- “In this year’s data, an asset is lost over 100 times more frequently than it is stolen.” (p. 48)
This should not be construed as an argument for disregarding other forms of defenses — including the really sophisticated stuff — because they are all needed. The Verizon Report establishes those points as well. The problem is, many businesses seem to focus so much on the really sophisticated aspect that they forget about the basics. They need both — but for many, the basics are more practical and easily obtainable, and for those businesses, it is a great place to start.
Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.