Context from 114,000 human attack surface management platform users bolstered annual report with valuable data on human risk
BERKELEY, Calif., May 19, 2021 – Elevate Security, a leader in cybersecurity human attack surface management, today announced that it is a contributing organization for the Verizon 2021 Data Breach Investigations Report. The annual Verizon DBIR this year analyzed 79,635 incidents – of which 29,207 met Verizon’s quality standards and 5,258 were confirmed data breaches – sampled from 88 countries around the world.
“Benchmarking and managing the human attack surface within an organization is essential to reducing data breaches caused by human error,” said Robert Fly, co-founder and CEO of Elevate Security. “As the DBIR shows, human error stubbornly continues to be one of the most problematic cybersecurity issues for businesses, and existing technology and incident management are simply not enough. Organizations require more complete visibility into human risk and need to deploy personalized security controls focused on the riskiest employees in order for CISOs to protect the enterprise.”
The Verizon DBIR found that the human element was involved in 85% of all breaches. It also found that phishing increased by 11% and business email compromises (BECs) doubled from the previous year – a significant finding, as last year BECs doubled from the year before. Breaches caused by phishing attacks and BECs are often due to human error.
“As a contributing organization to the DBIR, Elevate Security provided valuable data on human risk and employee security decisions that are essential to understanding data breaches,” said Alex Pinto, Team Lead at Verizon DBIR. “Human error continues to be at the heart of challenges facing many industries, with employees falling victim to social engineering, malware, misuse, and lost and stolen assets. The importance of addressing human error as it relates to data breaches cannot be overstated.”
Elevate Security provided Verizon with aggregated data from 114,000 Elevate Security Platform users spread across more than 2,000 organizational departments. The human attack surface management data was aggregated from early 2018 to 2020 and included 4.5 million user actions. The proprietary and customizable Elevate Security Platform ingests employee actions from across an organization’s security technology to help security leaders measure and reduce the human attack surface.
The DBIR and a recently released report by Elevate Security and Cyentia Institute contribute to a much broader understanding of the trends driving data breaches, how they are occurring and the impact they have on businesses. The Cyentia report, released earlier this month, examined human cybersecurity risk in the workforce and found that traditional employee risk mitigation efforts such as security awareness training and phishing simulations have a limited impact on improving employees’ real-world cybersecurity practices. Elevate Security’s first-of-its-kind platform, launched earlier this month, addresses this problem by giving CISOs benchmarked visibility into employee error and the ability to create “safety nets” around the riskiest employees to protect the organization. The Elevate Security platform delivers unprecedented enterprise clarity and control into how different departments, regions and groups across the organization rank for cybersecurity vulnerabilities. By tailoring responses to specific employee risk levels, CISOs are able to optimize the ROI of their security technology spend and focus on high-risk groups while strengthening their overall cyber defense strategy.