Web application attacks, point-of-sale intrusions, cyberespionage and crimeware were the leading causes of confirmed data breaches last year.
The findings are based on data collected by Verizon Enterprise Solutions and 70 other organizations from almost 80,000 security incidents and over 2,000 confirmed data breaches in 61 countries.
According to Verizon's 2015 Data Breach Investigations Report, which analyzes security incidents that happened last year, the top five affected industries by number of confirmed data breaches were: public administration, financial services, manufacturing, accommodations and retail.
Humans were again the weak link that led to many of the compromises. The data shows that phishing -- whether used to trick users into opening infected email attachments, click on malicious links, or input their credentials on rogue websites -- remains the weapon of choice for many criminals and spies.
For the past two years, over two-thirds of cyberespionage incidents involved phishing, the Verizon team said in its report. Hundreds of incidents from the crimeware section have also included the technique in their event chain, they said.
The data showed that 23 percent of phishing email recipients open the messages and 11 percent of them click on the attachment inside. A small phishing campaign of only 10 emails comes with an over 90 percent chance that at least one person will become a victim, the Verizon team said; that figure follows from the 23 percent open rate if recipients are treated as independent (1 − 0.77^10 ≈ 0.93), whereas the 11 percent click rate alone would give roughly a 69 percent chance.
The time window for organizations to react to such attacks is very small: the median time from when an email is sent to when the first user clicks on the link inside is just one minute and 22 seconds. Sanctioned tests have shown that nearly half of the users who end up opening phishing emails and clicking on links do so within the first hour.
Employees of certain business departments are more likely to fall victim to phishing attacks than others. Workers in departments like communications, legal and customer service are at greater risk because opening email is a central component in their jobs, so companies will probably want to start security awareness training with them.
Ironically, while users are the problem, they can also be the solution to phishing. If trained properly, they can become a network of human sensors that are better at detecting sophisticated email attacks than any technology.
As always, compromised credentials, whether they were obtained through phishing, spyware or brute-force methods, played a major role in many data breaches.
Credentials were the second most common type of record stolen by crimeware, after bank information. (Crimeware is the report's category for malware attacks that don't fall into more specific categories such as cyberespionage.) However, many stolen credentials are later used to compromise bank records, so credentials are likely under-represented in the statistics, according to the Verizon team.