The 2020 Verizon Data Breach Report – What You Need to Know

December 21st, 2020
The 2020 Verizon Data Breach Report – What You Need to Know

2020 has been one heck of a year and, like everything else, cyberthreats have taxed small and large businesses alike. Verizon did a deep dive into this year’s data, and the 2020 Verizon Data Breach Investigations Report (DBIR) tells us what IT providers need for 2021.

There’s no doubt you need to protect your organization from cyberthreats. After all, Verizon tracked a lot of threats, incidents and breaches, and confirmed 3,950 of them. That's a lot of data to sift through.

As the Gulf Coast’s most trusted managed services provider, we know this information is valuable to people like you. That's why we've condensed this report into one quick read so you know how to protect your business in 2021.

Who Will Be Causing Network Security Cyber Trouble in 2021?

Although the media has talked a great deal about nation-states and sophisticated hackers being a threat to network security, the Verizon data breach report found that most cyberattacks are simple, yet effective, ways to steal information. Cybercriminals, aka bad actors, have picked the easiest hacks that cost them the least amount of time and money. Since the name of the game is making fast cash, they target trusting humans to steal information, which provides quick wins with little out-of-pocket expenses for them.

Unfortunately, bad actors use misdirection to hack and steal information, so the report can't point to one group of hackers. Bad actors can obscure their identification, hide their digital fingerprints and be anywhere in the world. But the DBIR report found a pattern to the breaches.

Bad Actors by the Numbers

  • 70% External Actors
  • 55% Organized Crime
  • 30% Internal Actors

External Bad Actors – the Hackers You Don’t Know

The numbers above mean that external actors will most likely threaten your network security. But you do have a 30% chance of someone in your organization threatening your network, and 55% of breaches are related to organized crime. Hackers most often gain access to your secured IT through a remotely accessed, misconfigured firewall or RDP.

Internal Bad Actors – the People You Do Know

We like to think that a nation-state or some major group of cybercriminals has hacked the un-hackable, like a James Bond movie. But in reality, human error is the second most common cause of incidents and breaches, with network security misconfigurations being at the top of the list. The numbers point to the fact that you need additional IT solutions to protect your data.

The Balance Between Secured IT and Your Staff

In our efforts to balance security with productivity, we must find the right balance between humans and technology. Often, in-house IT management professionals will try to find the right mix between the two so that productivity does not suffer and workers do not complain too much. But a managed services provider like AGJ can help you balance the two and provide the highest level of security. AGJ can also lighten the load for in-house IT managers.

Cybercriminals Will Target Your Employees.

The truth is cybercriminals target your employees because they know how to manipulate your workers. With one well-worded, socially engineered email, your employees will give away their credentials. Cybercriminals like to exploit network security application vulnerabilities as well. Managed firewalls, virus protection and security information and event management (SIEM) help keep your data safe. But you cannot protect your network and data through technology alone. Educating your employees and IT staff to spot threats is essential, and AGJ is here to help with our security awareness training.

What You Need to Know About Hacking and IT Management in 2021

The Verizon data breach report found that nearly half the breaches reported in 2020 involved hacking. How do cybercriminals get into your system? Email is the top delivery method again this year.

Your Company’s Email Is Your Digital Identity.

Your company's digital identity is tied to your domain email, and cybercriminals know it. If a cybercriminal can breach your email, they can essentially become someone from your company, even you. Your employees may not be able to spot the fraud, so they share information with the hacker. At that point, it's a simple matter of moving laterally across your corporate networks to find exploitable, sensitive information that they can sell.

IT Solutions Stop Cybercriminals.

IT solutions that keep your information safe are an integral part of every business today. If your employees know how cybercriminals bypass secured IT, then your staff will avoid letting criminals into your network. At AGJ, we believe that educated teams who know the latest hacking practices will understand what their risks are and how to mitigate them.

Ransomware Is on the Rise.

If your company is like most, you have trained your employees on the dangers of malware, and you have malware detection in place. But because malware use is on the decline this year, cybercriminals are looking for new ways to exploit your trusting employees. Now, ransomware is a threat for companies, celebrities and governments. Spotting ransomware email is vital to protecting your network, and as a managed IT service provider, AGJ can help keep your company’s data safe from cybercriminals.

Cloud-Based Incidents Increase.

Although 70% of breaches involved on-premise threats, Cloud Computing was involved in 24% of reported breaches. With more companies moving their data to the cloud, businesses are benefiting from cloud-based security solutions. But because remote users must access the cloud, they create vulnerabilities in the network. There is a common misconception that cloud equals safe from cyberthreats.

Again, your employees are the key to keeping your data safe. Because stolen credentials are the most common way for cybercriminals to access your information, creating a user hierarchy is vital for all employees. A sound network security plan will also have strong passwords and multi-factor identification. This kind of cloud security strategy will protect your data from cybercriminals.

IT Solutions for Every Business

When it comes to cybercrimes, a company’s size does not matter. Cybercriminals will target your information security whether your company is large or small. In fact, 28% of the breaches this year involved small businesses. Because most attacks are financially motivated, cyberattackers know that they just have to keep trying until they find the information that leads to making money. Of the breaches studied this year, 86% were financial. We have even seen an increase in attacks on small nonprofit organizations. No matter the size of your business, having a data recovery and backup plan will get you back up and running if a breach occurs.

AGJ IT Consultation for 2021

The numbers don’t lie. If you don’t think you’re going to experience a cyberattack, think again. Those companies that do invest in an incident response plan recover faster and save more money than those that don’t. Cybersecurity is complex, and getting the mix between people and technology right is crucial in keeping your information safe.

For 2021, resolve to contact AGJ for an IT consultation. We will prepare a cyber incident response and business continuity plan tailored to your business. We will make sure that, if an incident or breach happens, your information is protected and your network is restored quickly.