Verizon Security Report: 97 Percent of Attacks Were Avoidable

A security report released today by Verizon that studied 855 breach incidents from last year concluded that 97 percent of them could have been avoided by "simple and intermediate controls."

The report also found that 58 percent of these breaches were done by online "hacktivists" -- those who attacked in social protest, retaliation, activism or simply to pull a prank on unsuspecting users. Verizon's report indicated that it's harder to prepare for the next attack in cases where the hacks weren't done for monetary gain.

"Doubly concerning for many organizations and executives was that target selection by these groups didn't follow the logical lines of who has money and/or valuable information," said the report. "Enemies are even scarier when you can't predict their behavior."

Much of the 97 breaches -- especially those that came from hactivists --  could have just been avoided if users kept in mind that if you are online, you are always susceptible to attacks, said Rapid 7's security researcher Marcus Carey.

"Bottom line: if you are vulnerable you can expect to be exploited," said Carey. "The good news though is that this also means organizations can significantly reduce their risk through proper vulnerability management, educating users, and implementing network-based access controls lists."

As for the types of attacks used, Verizon found that incidents that utilized a hacking tool or skill constituted 81 percent of attacks, with 69 percent of those attacks employing the help of malware to pull off the breach.

Verizon said the types of attacks used has changed little over the past few years because hackers continue to get the same results with known attack vectors.

"We have seen nothing new," said Verizon analyst Marc Spitler. "Some of the old standbys are continuing to work very well for the people going after information."

While Verizon found that the majority of incidents studied were caused by hacktivists, it noted that the more traditional attacks from criminal organizations were focused on smaller corporate targets in 2011.  The report found that attacks on businesses in the accommodation and food service industries made up 54 percent of the 855 breaches studied. It found that 85 percent of those businesses employed less than 1,000 personnel.

"Smaller businesses are the ideal target for such raids, and money-driven, risk-averse cybercriminals understand this very well," the report explained. "Thus, the number of victims in this category continues to swell."

Attacks against small corporations consist mostly of using malware and finding vulnerabilities in Web sites. By contrast, when larger companies are attacked, the hacks tend to be done using phishing and social engineering.

It's important to note that Verizon only studied breaches that were reported to local and federal law enforcement agencies. The report acknowledged that a majority of attacks, especially against large corporations, are never disclosed.

About the Author

Chris Paoli is the site producer for and


  • Get More Out of Your Outlook Inbox with TakeNote

    Brien comes across a handy, but imperfect, feature in Outlook that lets you annotate specific e-mails. Its provenance is something of a mystery, though.

  • Microsoft Resumes Rerelease of Windows 10 Version 1809

    Microsoft on Wednesday once more resumed its general rollout of the Windows 10 version 1809 upgrade, also known as the "October 2018 Update."

  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

  • SharePoint Online Users To Get 'Modern' UI Push in April

    Microsoft plans to alter some of the tenant-level blocking capabilities that may have been set up by organizations and deliver its so-called "modern" user interface (UI) to Lists and Libraries for SharePoint Online users, starting in April.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.