What Verizon’s 2020 Dbir Findings Mean For Your Attack Surface?

What Verizon’s 2020 Dbir Findings Mean For Your Attack Surface?


Share on linkedin
Share on facebook
Share on twitter

The Verizon’s 2020 Data Breach Investigations Report was recently published. This year’s report, all 119 pages of it, are full of interesting insights. Here are the report’s key findings and our take on them.

External Actors are the Main Perpetrators in Breaches

The overwhelming majority of breaches, 70% of them to be exact, continue to be perpetrated by external actors. Based on previous reports, as well as what we see in the wild, external actors have been the main perpetrators for quite some time.

Attack Surface Implications:

Most people don’t like hard work and attackers are no different. External actors are looking for the low hanging fruits – those weakest entry points into your internal network which are easy to find.

Here are a few examples of such entry points and how they tend to be breached:

  • Exposed login panels not placed behind VPNs – stolen credentials can be used to access the system and the sensitive data it stores.
  • A development tool login page which allows for ‘self-registration’ which grants guest users access to the server. Anyone that happens to find this page will be able to sign in and gain access.
  • A misconfigured database which exposes sensitive information to the world – well in this case the  hackers don’t even have to try…

Hackers find these entry points by scanning the internet using open source tools. While you and your team might not be aware of these exposures, they can be discovered and exploited by attackers.

Seeing your attack surface from the attackers’ point of view and gaining an external perspective of your exposure status is key for leveling the playing field.

Errors are Causal Events in 22% of Breaches

In the 2020 DBIR report, errors represent the third most common reason for breaches. They are almost on a par with social breaches and are more common than malware. What’s more, errors are ubiquitous across all industries. Verizon’s report defines several types of errors including misconfigurations, misdeliveries, publishing errors and losses. The most common error variety is a misconfiguration. Since 2017, misconfiguration errors have been on the rise and they are mostly attributed to unintentional exposure of assets to the internet.

Attack Surface Implications:

Unintentional exposure of internet-facing assets is something we know a thing or two about. Reposify detects approximately 35 million exposed assets every week on average. Many of them represent critical exposures.

The numbers speak for themselves and indeed misconfiguration errors are a major thing. But such errors, if caught in real-time, can be easily fixed.

The reality is that making an error and being aware of it are two different things.  Reposify’s data shows that organizations are typically unaware of anywhere between 30% to 80% of their risky exposures.

You simply can’t fix it if you can’t see it.

It’s almost impossible to eliminate such errors. Ultimately, making mistakes is part of what makes us human. Therefore, you need a scalable way to stay on top of such errors so you can catch them in time, before attackers find them and attempt to leverage them.

A real-time and continuous view of your exposure level and its impact on your security posture is the solution.

Web Applications are the Top Attack Vector in Breaches

According to Verizon’s data breach Investigation report, 43% of breaches involved web applications attacks, twice as much as last year.

Attack Surface Implications:

This is definitely not surprising. When it comes to exposed assets – web assets represent the largest asset category. On average, every week there are 10 million exposed web assets of which about 5.5% are unpatched and vulnerable to critical CVEs.

Here is an example of web assets exposure status from week 21 of 2020 taken from our Free Weekly Attack Surface Status Report

Web Assets for DBIR blog

Asset Management Solutions Do Not Cover your Unknown Assets

Verizon’s data breach report states that organizations have approximately 43% of their internet-facing IPs in one network. The rest are scattered across 7 or more networks.

Attack Surface Implications:

There is no doubt that organizations have an asset management problem. Reposify’s data shows that on average, 64% of organizations’ internet-facing assets are not officially registered. In addition, 80-95% of organizations’ public IP addresses are ephemeral and therefore much more difficult to monitor.

The limited visibility into your complete internet-facing asset inventory is one of the main reasons for the formation of shadow IT risks, unpatched vulnerabilities and unattended misconfigurations – all of which can lead to security incidents and breaches.

Hacking is Driven by Brute Force Attacks & Use of Stolen Credentials.

Hacking is the number one tactic used in breaches. The report divides hacking into 3 main types:

1.Attacks using stolen credentials or brute force

2.Attacks which exploit unpatched vulnerabilities

3.Attacks using backdoors and Command and Control functionality.

Attack Surface Implications:

The data delivered in Verizon’s 2020 DBIR illustrates the importance of not leaving the login panels for sensitive systems exposed online.  Login panels are often gateways into sensitive systems. Leaving them exposed means that they can be easily discovered by anyone with an internet connection.

Using stolen credentials or running brute force attacks on such login panels would not be possible if they were protected behind a VPN.

The ability to discover all your exposed login panels in real-time can be extremely helpful in reducing the risk of an attack.


Most organizations suffer from a great deal of blind spots in their ever-changing attack surfaces. Many of the action varieties leading to breaches including errors, vulnerability exploitation and others could have been avoided if IT and security teams had a scalable way to stay on top of their asset exposure status, 24/7. 

If you would like to see how Reposify can help your business gain a real-time view of your exposure and avoid breaches contact us today or request a free demo.

New call-to-action

Reposify is an attack surface management platform delivering autonomous 24/7 discovery of exposed assets across all environments and the supply chain. Leading enterprises worldwide use Reposify to gain unparalleled visibility of their internet-facing assets and actionable security insights for eliminating shadow IT risks in real-time


Share on linkedin
Share on facebook
Share on twitter

Ready to discover your External Attack Surface?

Read Next

External Attack Surface Management for Red Teams

With real-time visibility into the external attack surface, Red Teams can know when new assets go online for dynamic security across complex cloud and IT infrastructures.

Gartner Recognized Reposify for its Innovative External Attack Surface Management Solution.

Gartner has named Reposify to its 2021 Emerging Vendors list in the external attack surface management (‘EASM’) security category.

The 4 Most Vulnerable Attack Surface Exposures in the Pharmaceutical Industry

Reposify's research team examined the security posture of leading pharmaceutical companies worldwide and found the industry's 4 most prevalent and vulnerable attack surface exposures.