Yong Zhou
Security Solutions Architect

Lessons Learned from Verizon DBiR 2020

May 20, 2020 by Yong Zhou

Verizon had just released its annual Data Breach Incident Report (DBiR) 2020. It analyzes 32,002 qualified security incidents and 3,950 confirmed data breaches across 81 countries.

After reading through the report, one thing was clear—not a lot has changed. The top four “threat actions” that led to breaches in 2019 also top the list in 2020: Hacking, Social, Errors, and Malware.

  • Hacking – Predominantly associated with web applications as the attacking vector, in fact, 43% of breaches involved a web application
  • Social – Phishing emails continue to be popular, with 22% of breaches starting from this action
  • Errors – Misconfiguration has been increasing in recent years, no surprise given the complexity of security operations, and rose 4.9% as an action that led to a breach
  • Malware – Email link, file attachment, and web download remain the top vectors for both credential stealing and data-stealing, as well as ransomware data encryption

More Security Tools and Controls are Not the Answer

Every year the DBiR is scrutinized and every vendor throws out a blog post detailing how their products can help you avoid these actions. But what is clear in the 2020 report is that more tools and controls aren’t the answer. It’s tightening and aligning the technology you already have in place. When you configure your tech properly, eliminate temporary policy exemptions, and continuously monitor against all of these known actions, you’ll operate at much lower risk and much higher confidence. 

The Keysight Threat Simulator, a Breach and Attack Simulation (BAS) solution, creates these real attacks in an automated, continuous, and safe manner and provides detailed recommendations so you don’t become a statistic in the 2021 DBiR. As we like to say, attack yourself before they do!

Walking through the DBiR and the Threat Simulator assessment library, let’s look at a few ways you could do this today (literally, if you sign up for our free trial):

Emulate Attacks from DBiR 2020

Web Application Security Assessment – This assessment validates your security controls for commonly-used, enterprise web applications. It contains a collection of web-application attacks that the Keysight Application and Threat Intelligence (ATI) team deemed relevant and the sub-categories that reflect OWASP Web Application Top 10 security risks.


Kill Chain Assessment Led with a Phishing email – Lazarus APT and Hancitor Covid19 Mailspam are two advanced persistent threat (APT) kill chain emulations supported on Threat Simulator with phishing email as the leading attack vector. These emulated full life-cycle attacks can not only validate your network security controls for effective phishing email blocking but also assess your SecOps incident detection and response process.


Find and Fix Any Security Control Misconfigurations – Continuously running Threat Simulator security instrumentation and policy assessments can help you find any misconfigurations in your network security controls and provide “clear to follow” recommendations to fix these issues and improve your overall security efficacy. As stated in the DBiR, “The only action type that is consistently increasing year-to-year in frequency is Error.”

Malware Assessment – This assessment is designed to test the implemented security controls intended to prevent malware downloaded via HTTP. This assessment is a collection of malware audits, simulating the downloading of various kinds of malware.


Security is never static. New cyberattacks, misconfigurations, and security products are rampant. How do you take control of this ever-changing threat landscape? The only way to know is to assess your own defenses before hackers can. Give Threat simulator a (free) try today.