Most data breaches leverage weak, default or stolen passwords: Report

Cyber attackers are well-funded, cunning, ruthless and otherwise mean people. But they get a helping hand from their victims, according to the Verizon 2016 Data Breach Investigations Report.

Released this week, the report examined 64,199 incidents and 2,260 breaches in 82 countries — including Canada — and found that 63 per cent of confirmed data breaches involved leveraging weak, default or stolen passwords. And despite awareness training, a lot of employees still can’t recognize phishing messages.

As usual the breezily-written report provides sobering reading for CISOs, who should pass it on to their teams. Highlights include:

–We’re still suckers: Almost a third (30 per cent) of phishing messages were opened—up from 23 per cent in 2014. And 12 per cent of targets went on to open the malicious attachment or click the link—about the same as 2014 (11 per cent). Of 636,000 targeted phishing emails examined, only 3 per cent of the potential victims notified management of a possible problem.

–It would be a mistake to think the biggest risk you face is from new-to-the-world vulnerabilities. Most attacks exploit known vulnerabilities—where a patch has often been available for months, if not years;

–Don’t obsess over the risk of insiders: The overwhelming number of breaches –upwards of 80 per cent –still are made by external actors;

–Attackers are getting even quicker at compromising their victims (think of how fast a phishing exploit works);

–For all the money CISOs spend on defence, the odds are law enforcement and/or a third party will alert you to a breach, not all the dashboards you have running.

The overwhelming number of breaches and incidents are covered by the same nine patterns seen in the past few years, says the report. The biggest are:

–Miscellaneous errors (17.7 per cent), including shortage of server capacity that causes non-malicious Web traffic spikes to cause applications to crash, and sending sensitive information to the wrong person.

REMEDIES: Keep a record of common errors to increase security awareness training and measure the effectiveness of your controls; consider using data loss prevention (DLP) software; make sure your assets are wiped of sensitive data before they’re sold.

–Insider and privilege misuse (16.3 per cent), mainly by insiders. Contrary to what some people think, it’s rarely system admins or developers with elevated privileges that fall victim. End-users account for a third of insider misuse.

REMEDIES: Limit access to sensitive data to those who really need it — and track that access by monitoring user behaviour. Also, track USB usage.

–Physical theft and loss (15.1 per cent), including laptops, USB and other drives, printed documents.

REMEDIES: Encrypt data, train your staff in security awareness and reduce the amount of paper with data classification and printing rules.

–Denial of service (15 per cent). In addition to stopping the organization, DDoS attacks can mask other attacks. (See Web app attacks, below)

REMEDIES: Segregate key servers, choose providers that can protect their service and yours, and, if you have one, test your anti-DDoS service.

–Crimeware (12.4 per cent). Covers the use of malware that doesn’t fit a more specific pattern. Includes ransomware.

REMEDIES: Patch promptly and initiate configuration change monitoring. Examine the different types of malware you’ve fallen foul of—and, if possible, the entry point. This gives intelligence on where to prioritize your efforts. And back up systems regularly.

–Web app attacks (8.3 per cent). Many web app attacks are indiscriminate—the attackers found a weak target with a vulnerability they could compromise, or got a foothold through a phishing campaign. Verizon found almost 20,000 incidents where compromised websites were used in distributed denial of service (DDoS) attacks or repurposed as phishing sites.

REMEDIES: Use two-factor authentication. Lock out accounts after repeated failed attempts. Consider using biometrics for authentication. Patch promptly.

This is just a small part of the 80-page report. It’s full of nuggets.

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]
