The 2015 DBIR expands its investigation into nine common threat patterns and sizes up the effects of all types of data breaches, from small data disclosures to events that hit the headlines.
Though the number of breaches per threat actor changes rather dramatically each year, the overall proportion attributed to external, internal, and partner actors stays roughly the same. In the 2013 DBIR, phishing was associated with over 95% of incidents, and for two years running, more than two-thirds of incidents have featured phishing. The user interaction is not about eliciting information, but for attackers to establish persistence on user devices, set up camp, and continue their stealthy march inside the network.
The “old” method of duping people into providing their personal identification numbers or bank information is still around, but the targets are largely individuals versus organizations. Report shares some interesting statistics regarding organization demographics. Is one department or user group more likely than another to fall victim to phishing attacks? Departments such as Communications, Legal, and Customer Service were far more likely to actually open an e-mail than all other departments.
For full report click here.
