Kusserow on Compliance: Most data breaches are financially motivated by outside parties

71 percent of breaches last year were financially motivated

C-Suite Executives 12 times more likely to be a target

Ransomware attacks account for one out of four cyber-attacks

Safeguarding Tips from Strategic Management

According to the Verizon 2019 Data Breach Investigations Report (DBIR), 71 percent of breaches were financially motivated and 69 percent were perpetrated by outsiders. This 12th edition of the annual report analyzed 41,686 security incidents, which included 2,013 confirmed breaches. This year’s report included new metrics and analysis from the FBI Internet Crime Complaint Center (IC3). Not surprisingly, the C-Suite was the major target, because its members are in a position to transfer money. They were found to be twelve times more likely to be the targets of breaches. Also, time-pressed senior executives tend to move quickly in reviewing and clicking on emails, resulting in a greater likelihood that suspicious emails slip through. On a positive note, attacks against HR personnel have rapidly declined in recent years, in large measure as a result of W-2 tax form scams almost disappearing as a problem. Some other interesting statistics from the report:

  • 52 percent of breaches involved hacking
  • 33 percent of breaches included social attacks
  • 28 percent of breaches involved malware
  • 32 percent of breaches involved phishing
  • 29 percent of breaches involved the use of stolen credentials
  • 21 percent of breaches were caused by errors
  • 56 percent of breaches took months or longer to discover


Safeguarding Tips from Strategic Management

  • Brief executives, as the prime targets, on avoiding cyber-attacks
  • Train employees not to click on email links/attachments, or respond to “phishing” inquiries
  • Provide ongoing employee and contractor training on what to do and not to do
  • Implement policies/procedures for precautions against malware
  • Conduct a risk assessment to understand threats presented by an insider
  • Regular systems tests can also help flag vulnerabilities before a hacker can get in
  • Configure email servers to block zip or other files that are likely to be malicious
  • Continuously monitor employee and vendor networks
  • Conduct regular systems tests to flag vulnerabilities before a hacker can gain access
  • Update and upgrade software
  • Use encryption to guard against information being read by unauthorized parties
  • Establish multi-factor authentication
  • Regularly test users to make sure they are on guard

For more information on health care provider cyber-security, contact Dr. Cornelia Dorfschmid at cdorfschmid@strategicm.com or at (703) 535-1419.


Richard P. Kusserow served as DHHS Inspector General for 11 years. He is currently CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance-related matters. The SM sister company, CRC, provides a wide range of compliance tools, including sanction-screening.


Copyright © 2019 Strategic Management Services, LLC. Published with permission.