Diving back into SMB breaches

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Gracias.

You will soon receive an email with a link to confirm your access. When you click to confirm from your email, your document will be available for download.

If you do not receive an email within 2 hours, please check your spam folder.

Gracias.

You may now close this message and continue to your article.

  • Small (Less than 1,000 employees)


    Frequency

    1,037 incidents, 263 with confirmed data disclosure


    Top Patterns

    System Intrusion, Miscellaneous Errors, and Basic Web Application Attacks represent 80% of breaches


    Threat Actors

    External (57%), Internal (44%), Multiple (1%), Partner (0%) (breaches)


    Actor Motives

    Financial (93%), Espionage (3%), Fun (2%), Convenience (1%), Grudge (1%), Other (1%) (breaches)


    Data compromised

    Credentials (44%), Personal (39%), Other (34%), Medical (17%) (breaches)


  • One size fits all-most 

    The first thing we noticed while analyzing the data by organizational size this year was that the gap between the two with regard to the number of breaches, has become much less pronounced. Last year, small organizations accounted for less than half the number of breaches that large organizations showed. Unlike most political parties, this year these two are less far apart with 307 breaches in large and 263 breaches in small organizations. 

    Another interesting finding was that the top patterns have aligned across both org sizes. For the first time since we began to look at this from an organizational size perspective, the two groups are very similar to each other and, at least pattern-wise, this seems like a ‘one size fits all’ situation. 

    Last year, small organizations were greatly troubled by Web Applications, Everything Else and Miscellaneous Errors. The changes in our patterns account for a good bit of what we see this year in small organizations, since the Everything Else pattern was recalibrated, and the attacks that remain are largely Hacking and Malware, thus fitting into the System Intrusion pattern. In contrast, large organizations saw a fair amount of actual change. The top three last year were Everything Else, Crimeware and Privilege Misuse. The pattern recalibration means that most of the Crimeware type events went into System Intrusion and Basic Web Application Attacks, but Privilege Misuse is not a pattern that saw any substantial degree of change. Therefore, this is an indication that we saw less Internal actors doing naughty things with their employer’s data.

  • Figure 123
  • Large (More than 1,000 employees)


    Frequency

    819 incidents, 307 with confirmed data disclosure


    Top Patterns

    System Intrusion, Miscellaneous Errors and Basic Web Application Attacks represent 74% of breaches


    Threat Actors

    External (64%), Internal (36%), Partner (1%), Multiple (1%) (breaches)


    Actor Motives

    Financial (87%), Fun (7%), Espionage (5%), Convenience (2%), Grudge (2%), Secondary (1%) (breaches)


    Data compromised

    Credentials (42%), Personal (38%), Other (34%), Internal (17%) (breaches)


  • Since the patterns have now largely aligned between the two organizational sizes, we can talk a little about what that means for both. First, both are being targeted by financially motivated organized crime actors. This isn’t a news flash to anyone (or shouldn’t be) because professional criminals do tend to be motivated by money. For that matter, we’d wager most amateur criminals are as well (if we were the wagering type, which, of course, we aren’t. As far as you know). 

    Concerning the common patterns of System Intrusion and Basic Web Application Attacks, those run the gamut of simple to complex attacks, frequently focused on web infrastructure. The Hacking action of Use of stolen creds followed by Malware installation is the playbook these actors prefer to follow. Increasingly, we see ransomware deployed by the actor after access; sometimes after they have taken a copy of the data to incentivize their victims to part with their hard-earned Bitcoin. 

    When we turn to Discovery timelines, we see a difference between the organizational sizes (Figures 123 and 124 respectively). Last year we reported that smaller organizations seemed to be doing better in terms of discovering breaches more quickly than their larger counterparts. This year’s data shows that large organizations have made a shift to finding breaches within ‘Days or less’ in over half of the cases (55%), while small organizations fared less positively at 47%.

  • This year’s data shows that large organizations have made a shift to finding breaches within ‘Days or less’ in over half of the cases (55%), while small organizations fared less positively at 47%.

  • Figure 124

Let's get started.