Who Is Behind Most Data Breaches?

Who Is Behind Most Data Breaches? article image.

Verizon recently released its 11th edition of a report looking at data breaches across various industries and companies. The 2018 Data Breach Investigations Report looks at more than 52,000 security incidents and over than 2,200 data breaches to learn more about how they happen and what we can do to protect ourselves. Among its findings, it shows that while "inside jobs" are prevalent, outsiders are behind most data breaches.


According to the report:

  • 73% of cyber attacks were triggered by "outsiders."
  • 28% of data breaches involved insiders.
  • Less than 2% involved company partners.

Additionally, of the attacks by "outsiders," most were carefully coordinated by some very bad actors.

  • Organized crime groups perpetuated 50% of the attacks.
  • 12% were launched by nation states or state affiliated groups, who aim to use breaches as political weapons and for economic advantage.

An Emerging Focus on Inside Attacks

With 28% of data breaches classified as "inside jobs" (up from 25% in 2016), Verizon analysts are strongly urging companies to step up their efforts to educate and train employees not just on cyber-attacks from external forces, but to focus on improving their own data security behaviors.

"Companies also need to continue to invest in employee education about cybercrime and the detrimental effect a breach can have on brand, reputation, and the bottom line," says Bryan Sartin, executive director security professional services at Verizon. "Employees should be a business's first line of defense, rather than the weakest link in the security chain. Ongoing training and education programs are essential. It only takes one person to click on a phishing email to expose an entire organization."

Ransomware Is a Growing Problem

The Verizon report's "inside and outside" cyber-attack theme should serve as a call to action to companies looking to safeguard customer data.

The majority of data attacks coming from external sources, who increasingly tend to favor ransomware attacks. The report shows that ransomware attacks doubled from 2017 to 2018, so the report notes that companies need to do a much better job of stopping data thieves at the point of attack, rather than back down and pay off a data hacker.

Ransomware is a form of malware which allows the hacker to "lock" access to a computer system's data using encryption. The data thief then tries to extort payment from the company targeted by the attacker, letting the company know the locked data will decrypted and released once payment is made.

Ransomware is different than most cyber-attacks, particularly as it notifies the targeted company that an attack is underway, and is provided specific instructions on how to make the payment. Increasingly, cyber criminals are demanding payment in Bitcoin and other cryptocurrencies, as the currencies are so difficult to trace.

"Ransomware remains a significant threat for companies of all sizes," says Sartin. "It's now the most prevalent form of malware, and its use has increased significantly over recent years."

Sartin notes that businesses still don't invest in appropriate security strategies to combat ransomware, meaning they end up with no option but to pay the ransom — making the cybercriminal the only winner when the smoke clears after a data breach. "As an industry, we have to help our customers take a more proactive approach to their security. Helping them to understand the threats they face is the first step to putting in place solutions to protect themselves."

What Can You Do to Protect Yourself?

Consumers are also the targets of ransomware, so avoiding links in emails and checking sources before downloading. Also, check to see that the companies you do business with stay up to date on the latest security measures. If you are the victim of a data breach, act quickly to protect more information from falling into the wrong hands.

What Tactics Were Utilized in Data Breaches

The Verizon report also shines a spotlight on the multiple models used by data thieves to crack into private data.

Here's how attacks in 2017 break down, according to the report:

  • 48% of breaches featured data hacking techniques.
  • 30% used malware.
  • 17% had errors as causal events.
  • 17% were social attacks (usually via phishing techniques).
  • 12% involved privilege misuse.
  • 11% of breaches featured physical actions.

A reduction in malware and hacking threats were reported from 2017 to 2018, although as a sub-category, ransomware attacks have increased. Botnet infection breaches are increasingly becoming a favorite data attack model of cyber-thieves, although installing keyloggers (known more commonly as malware) and stealing credentials via data hacking are still a "common path" for data thieves to take.

The strategy and tactics data thieves use also significantly impacts data breach timelines, according to Verizon.

"When breaches are successful, the time to compromise continues to be very short," the report states. "While we cannot determine how much time is spent in intelligence gathering or other adversary preparations, the time from the first action in an event chain to initial compromise of an asset is most often measured
in seconds or minutes. The discovery time is likelier to be weeks or months."

The discovery time is also very dependent on the type of attack, Verizon notes, with "payment card compromises often discovered based on the fraudulent use of the stolen data (typically weeks or months) as opposed to a stolen laptop which is discovered when the victim realizes they have
been burglarized."

Different Industries, Different Data Breach Threat Levels

The Verizon report takes a closer look at the data from the perspective of specific industries. In doing so, it's increasingly apparent that cyber-thieves want to have different goals when launching a data attack, and tailor those goals differently between industries.

For example, in the accommodations and food industry, 99% of digital data break-ins are committed by external actors, and only 1% are inside jobs. Verizon states that 99% of the data breaches in the accommodations and food industry are conducted with financial gain in mind, with 1% deemed "all other motives."

"As stated in previous reports, often restaurants are smaller organizations without the luxury of trained security staff, but they are forced to rely almost exclusively on payment cards for their existence, so this finding is not unexpected but is certainly unfortunate," Verizon reports. "These attacks are overwhelmingly motivated by financial gain and perpetrated by organized crime."

Yet 81% data breaches in the education sector are committed by external forces, and 19% committed by internal parties. Additionally, 70% of cyber-crimes in the educational sector for financial motivations, while 20% were committed for espionage purposes.

A New Age of Data Breaches

With 50% of cyber-crimes attributed to organize crime, and 12% linked to nation states, companies looking to safeguard data find themselves on new, and highly risky, data protection terrain.

Unfortunately, most companies have yet to even come to grips with being aware of a data breach, let along establish strategies to stop one.

Verizon reports that 68% of data breaches aren't uncovered for months or longer, even though 87% of data attacks recorded saw data compromised within minutes or less of the data breach occurring.

The way out for companies looking to great aggressive in protecting user data is to be proactive.

Increasingly, however, it's become an uphill fight for companies looking for effective ways to protect private data.

With new threats, and aggressive, and even dangerous, data attackers in play, deploying all of the above seven strategies is a good start at keeping data thieves at bay — whoever they may be.

The purpose of this question submission tool is to provide general education on credit reporting. The Ask Experian team cannot respond to each question individually. However, if your question is of interest to a wide audience of consumers, the Experian team may include it in a future post and may also share responses in its social media outreach. If you have a question, others likely have the same question, too. By sharing your questions and our answers, we can help others as well.

Personal credit report disputes cannot be submitted through Ask Experian. To dispute information in your personal credit report, simply follow the instructions provided with it. Your personal credit report includes appropriate contact information including a website address, toll-free telephone number and mailing address.

To submit a dispute online visit Experian's Dispute Center. If you have a current copy of your personal credit report, simply enter the report number where indicated, and follow the instructions provided. If you do not have a current personal report, Experian will provide a free copy when you submit the information requested. Additionally, you may obtain a free copy of your report once a week through April 2022 at AnnualCreditReport.