The negative effects of data breaches have been well documented over the years, with many high-profile companies suffering staggering economic and reputational damage at the hands of malicious hackers. However, understanding of the root causes of data breaches and how to best protect against them continues to lag behind, leaving companies big and small vulnerable to attack.
To help address this issue and give companies the knowledge to step up their own security, Verizon began releasing a massive annual report in 2008 called its “Data Breach Investigations Report” (DBIR). Now in its ninth year, the Verizon DBIR has quickly become one of the most important and informative cybersecurity reports in the world. The 2016 Verizon DBIR continues that trend with one of the more interesting (and startling) reports to date.
How Are They Happening?
One of the most important stats to come out of this year's Verizon DBIR is also one of the least surprising. In analyzing hundreds of thousands of cybersecurity incidents from the past year (including 2,260 confirmed data breaches across 82 countries), Verizon found that 63% of confirmed breaches involved weak, default or stolen passwords. It's nothing new that poor password habits are hurting businesses and consumers: TeleSign's 2015 Consumer Account Security Report (CASR) found that 70% of consumers no longer trust passwords to protect their online accounts. But to see such a large majority of data breaches occur due to such a fixable problem is concerning.
To help businesses better protect their networks, Verizon recommends that they start offering and mandating two-factor authentication (2FA) on top of standard password security. According to our report, 72% of consumers are already interested in this extra layer of security, and the data now shows businesses can no longer avoid the impact of failing to require 2FA. 2FA prevents hackers from accessing your accounts, even if they know your password.
Why Are They Happening?
Beyond the how, Verizon took a look at some of the biggest motivations behind data breaches. They found that 89% of breaches had a financial or espionage motive. Further, an incredible 95% of confirmed Web app breaches were financially motivated. It has become abundantly clear that the business of fraud is booming, and data breaches are fueling this growth.
As hackers get their hands on massive amounts of stolen credentials, they are able to sell these credentials for profit or use them in more substantial attacks on internal networks of some of the biggest companies in the world. In fact, the Verizon DBIR shows that stolen credentials are at the top of the list of threat actions used in data breaches.
What Can Businesses Do?
Data breaches aren't going away any time soon. And while there are many steps businesses can take to help mitigate the effects should one occur, the 2016 Verizon DBIR has made it clear that one of the most important steps to take is protecting against stolen account credentials. Offering, and even mandating, two-factor authentication can help protect businesses' internal networks and their end-users from Account Takeover Fraud even when stolen credentials are obtained by hackers.
At TeleSign, we provide two-factor authentication services for many of the world's largest web properties, helping to protect more than 3.5 billion consumer accounts. We are also adding exciting new layers of authentication security such as behavioral biometrics that can help better protect against Account Takeover Fraud without adding friction to users. As Verizon has shown, it's time for businesses to take steps to improve their account security before it's too late. After all, you never know who will be the victim of the next big data breach.
You can also learn more about TeleSign's innovative fraud prevention services at www.telesign.com/products.