Government employees are playing Russian roulette every time they open their inbox.

Verizon released the 11th edition of its Data Breach Investigations Report, cataloguing over 53,000 cyber incidents across 65 countries to get a pulse on how attack patterns are evolving across industries. Verizon partnered with the United States Computer Emergency Readiness Team–US-CERT–at the Department of Homeland Security, so the public sector data set accounts for about 40 percent of the entire report.

Out of 22,000 public sector cybersecurity incidents in 2017, Verizon focused its analysis on 304 confirmed data breaches where data was disclosed or extracted. While ransomware is offering petty criminals quick financial gain in the private sector, Verizon says motives are much more complex when government is targeted.

Verizon found that 61 percent of all cyber incidents and more than half of the confirmed breaches within the public sector were carried out by state-affiliated actors.

Cyberespionage was the explicit motive in 44 percent of public sector breaches. Under that pretense, Verizon said that state-affiliated groups and nation-states were responsible for these attacks–93 percent of the time. Verizon noted several potential methods of entry.

“Phishing attacks, installations and subsequent uses of backdoors or C2 channels are front and center in espionage-related breaches,” Verizon said. “Malware functionalities that are often used to pop credentials, in the form of keyloggers and password dumpers, are also found in significant numbers.”

Government secrets figure prominently into the discussion, but personal data is becoming one of the main draws for state actors. OPM hack, anyone? State actors want employee information, and to no one’s surprise, it’s those employees that are in fact handing it over to them.

Financial pretexting and phishing represent 93 percent of all breaches Verizon investigated, with email continuing to be the main entry point at 96 percent. Interestingly, organizations are nearly three times more likely to get breached by social attacks than via actual vulnerabilities. Chalk it up to a couple bad apples, though.

“The good news is that 78 percent of people don’t click on a single phishing campaign all year,” Verizon noted. “But, on average, 4 percent of the targets in any given phishing campaign will click it. And incredibly, the more phishing emails someone has clicked, the more likely they are to do so again.”

Like the employee absent-mindedly handing over the keys to the fort, these oversights aren’t often corrected or even noticed.

Russian roulette’s more dangerous when there’s more than one bullet in the cylinder.

Read More About
More Topics
Joe Franco
Joe Franco
Joe Franco is a Program Manager, covering IT modernization, cyber, and government IT policy for