Hacking, phishing and attacks on cloud-based data put strong focus on security for remote-working, according to the Verizon Business 2020 Data Breach Investigations Report.
The Verizon Business 2020 Data Breach Investigations Report (2020 DBIR) shows that financial gain remains the key driver for cybercrime with nearly 9 in 10 (86%) breaches being financially-driven.
The vast majority of breaches (70%) are caused by external actors, with organized crime accounting for 55% of these.
Credential theft using stolen or weak log-on details made up 37% of breaches while phishing was involved in 25% of breaches. Human error accounted for 22% of breaches (31% in the healthcare sector).
The 2020 DBIR also highlights a year-on-year doubling in web application breaches, up to 43%. This is a worrying trend as business-critical workflows continue to move to the cloud. Stolen credentials were used in over 80% of these cases.
“As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount,” said Tami Erwin, CEO of Verizon Business. This should be a major focus as the ongoing Covid-19 lockdowns are likely to lead to an increase in this trend, with more activity being conducted online than ever before.
The 2020 DBIR has re-emphasized the common patterns found within cyber-attacks, enabling organizations to determine the bad actors’ destination while attacks are in progress. This can enable attacks to be stopped in their tracks. Organizations are therefore able to gain a “Defender’s Advantage” and better understand where to focus their security defences.
Ransomware is still a particular problem, especially in the public sector where it made up 61% of malware-based breaches and in education (80%, up from 45% last year). While malware incidents are dropping as a whole, ransomware has continued to increase year over year, now accounting for over a quarter of all incidents. Nearly one in five organizations blocked at least one piece of ransomware in the past year, so the ongoing threat it poses should not be ignored; especially as reliance on uninterrupted access to digital services continues to climb.
On a more positive note, security tools are getting better at blocking common malware. Trojan-type malware peaked at just under 50% of all breaches in 2016 and according to this year’s report these have dropped to just 6.5%. There is plenty of this kind of threat still out there, but much of it is being blocked successfully.
Small businesses are not immune
The growing number of small and medium-sized businesses using cloud- and web-based applications and tools has made them prime targets for cyber-attackers. 2020 DBIR findings show that phishing is the biggest threat for small organizations, accounting for over 30% of breaches. This is followed by the use of stolen credentials (27%) and password dumpers (16%).
Attackers targeted credentials, personal data and other internal business-related data such as medical records, internal secrets or payment information.
Industries under the cyber-spotlight
The 2020 DBIR includes detailed analysis of 16 industries, and shows that, while security remains a challenge across the board, there are significant differences across verticals. For example, in manufacturing, 23% of malware incidents involved ransomware, compared to 61% in the public sector and 80% in educational services.
Errors accounted for 33% of public sector breaches but only 12% of breaches in the manufacturing industry where external actors account for 29% of breaches by leveraging malware, such as password dumpers, app data capturers and downloaders.
In the retail industry, almost all incidents (99%) were financially motivated, with payment data and personal credentials the main targets and web applications, rather than Point of Sale (POS) devices, the main entry point for retail breaches. Alex Pinto, Lead Author of the report, points out that “Security headlines often talk about spying, or grudge attacks, as a key driver for cyber-crime. Our data shows that is not the case. Financial gain continues to drive organized crime to exploit system vulnerabilities or human error.”
A positive area of the report concerns the financial services and insurance sector who have cleaned up their act, at least in some areas. Misuse, where an internal actor intentionally uses their access privileges to commit harm, has dropped from one in five incidents in the financial services and insurance sectors, to less than 10% in the last 12 months. Similarly, internal actor caused breaches have largely shifted from malicious actions to benign errors, such as mis-deliveries (e.g. emailing attachments to the wrong recipient).
The last, and optimistic, word goes to Alex Pinto. “The good news is that there is a lot that organizations can do to protect themselves, including the ability to track common patterns within cyber-attack journeys - a security game changer - that puts control back into the hands of organizations around the globe.” Cyber crime is still very much out there. But this report will be significant in helping organisations identify the main threats and plan how to defend against them.
This year the DBIR, which is in its 13th edition, analysed 32,002 security incidents, of which 3,950 were confirmed breaches; almost double the 2,013 breaches analyzed last year. These cases came from 81 countries. The complete 2020 Data Breach Investigations Report as well as Executive Summary is available on the DBIR resource page.
Main image courtesy of iStockPhoto.com