Companies are doubling down on IT security efforts, yet known areas of susceptibility and human error remain the main source of enterprise cyberattacks, according to Verizon\u2019s 2016 Data Breach Investigations Report (DBIR).\n\n\nIn fact, the latest edition of the Verizon DBIR found that lost or stolen credentials are responsible for 63 percent of confirmed data breaches. The ninth edition of this comprehensive security guide analyzed more than 100,000 security incidents, including 2,260 confirmed breaches from 67 contributing organizations across 82 countries.\n\n\nBecause the same simple mistakes continue to cause most breaches, implementing and enforcing basic security measures is more critical than ever to counteract human error. Companies must begin addressing security proactively, not as an afterthought, in order to effectively mitigate risk, raise user awareness, and embrace the path to complete digital transformation.\n\n\nAccording to Verizon\u2019s 2016 DBIR, 95 percent of breaches still fit into the nine incident patterns identified in Verizon\u2019s 2015 report. Miscellaneous errors, insider and privilege misuse, physical theft or loss of a device, denial of service (DoS), and crimeware remain the most active attack categories across all industries.\n\n\nHowever, three quarters of incidents and breaches in the various industry sectors are covered by three patterns, which vary depending on the industry. Verizon\u2019s 2016 DBIR maps the incident patterns to specific industries and also provides a recommended course of action.\n\n\nWhatever the threat type, Verizon\u2019s 2016 DBIR found that cybercriminals are quick to do damage and companies are too slow to take action. In 93 percent of cases of stolen data, for example, systems were compromised in minutes or less, according to the findings, and in 83 percent of cases, victimized companies didn\u2019t discover the breach for weeks\u2014or more.\n\n\nMoreover, law enforcement, fraud detection services, and third parties are more likely to catch breaches after the fact than internal IT staff or systems, according to the research. If companies are relying on external resources to detect attacks, they provide cybercriminals with more time to disrupt the business.\n\n\nPutting basic security measures into effect is more critical than ever, but many organizations don\u2019t know where to start. Here are a few key recommendations from Verizon\u2019s 2016 DBIR:\n\n\nKnow your data and your users. If it sounds basic, it is\u2014but a surprising number of companies don\u2019t have a true sense of their organizations and hence their real susceptibilities. IT needs to understand what sensitive data exists, where it is, and who needs access to it. They also need to track system usage and user behavior.\n\n\nUse encryption and two-factor authentication. Both practices help to significantly reduce the damage in the event that data or credentials are lost or stolen.\n\n\nSegregate systems. Separate primary servers and systems to protect them from attack. This way, a compromised desktop can\u2019t expose other systems and data to damage or theft.\n\n\nPatch promptly and often. The sheer number of new areas of exposure can be intimidating for IT organizations, many of which don\u2019t know where to start. Verizon\u2019s 2016 DBIR provides critical intelligence for implementing an effective patch strategy.\n\n\nFor more details on these recommendations, along with an overview on other security best practices, view the entire Verizon 2016 BDIR at here or contact Verizon to engage a consultation with their security professionals.