VERIZON’s 2020 Data Breach Investigations Report (2020 DBIR) shows that financial gain remains the key driver for cybercrime with nearly nine in 10 (86 percent) breaches investigated financially-driven. The vast majority of breaches continue to be caused by external actors – 70 per cent – with organised crime accounting for 55 percent of these. Credential theft and social attacks such as phishing and business email compromises cause the majority of breaches (over 67 per cent), and specifically:
- 37 per cent of credential theft breaches used stolen or weak credentials,
- 25 per cent involved phishing, human error accounted for 22 per cent as well.
The 2020 DBIR also highlighted a year-over-year two-fold increase in web application breaches, to 43 per cent, and stolen credentials were used in over 80 per cent of these cases – a worrying trend as business-critical workflows continue to move to the cloud. Ransomware also saw a slight increase, found in 27 per cent of malware incidents (compared to 24 per cent in 2019 DBIR); 18 per cent of organisations reported blocking at least one piece of ransomware last year.
“As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount,” said Tami Erwin, CEO, Verizon Business. “In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious.
Common patterns offer a Defender Advantage
Verizon’s 2020 Data Breach Investigations Report (2020 DBIR) has re-emphasized the common patterns found within cyber-attack journeys, enabling organisations to determine the bad actors’ destination while they are in progress.
Linked to the order of threat actions (e.g. Error, Malware, Physical, Hacking), these breach pathways can help predict the eventual breach target, enabling attacks to be stopped in their tracks. Organisations are therefore able to gain a “Defender’s Advantage” and better understand where to focus their security defenses.
Smaller businesses are not immune
The growing number of small and medium-sized businesses using cloud- and web-based applications and tools has made them prime targets for cyber-attackers. 2020 DBIR findings show that:
- Phishing is the biggest threat for small organisations, accounting for over 30 percent of breaches. This is followed by the use of stolen credentials (27 per cent) and password dumpers (16 per cent).
- Attackers targeted credentials, personal data and other internal business-related data such as medical records, internal secrets or payment information.
- Over 20 per cent of attacks were against web applications, and involved the use of stolen credentials.
Industries under the cyber-spotlight
The 2020 DBIR now includes detailed analysis of 16 industries, and shows that, while security remains a challenge across the board, there are significant differences across verticals. For example, in Manufacturing, 23 per cent of malware incidents involved ransomware, compared to 61 per cent in the Public Sector and 80 percent in educational services. Errors accounted for 33 per cent of Public Sector breaches – but only 12 per cent of Manufacturing. Further highlights include:
- Manufacturing: External actors leveraging malware, such as password dumpers, app data capturers and downloaders to obtain proprietary data for financial gain, account for 29 per cent of Manufacturing breaches.
- Retail: 99 percent of incidents were financially-motivated, with payment data and personal credentials continuing to be prized. Web applications, rather than Point of Sale (POS) devices, are now the main cause of Retail breaches.
- Financial and Insurance: 30 per cent of breaches here were caused by web application attacks, primarily driven by external actors using stolen credentials to get access to sensitive data stored in the cloud. The move to online services is a key factor.
- Educational Services: Ransomware attacks doubled this year, accounting for approximately 80 per cent of malware attacks vs. last year’s 45 percent, and social engineering accounted for 27 per cent of incidents.
- Healthcare: Basic human error accounted for 31 per cent of Healthcare breaches, with external breaches at 51 per cent (up from 42 percent in the 2019 DBIR), slightly more common than insiders at 48 percent (59 percent last year). This vertical remains the industry with the highest number of internal bad actors, due to greater access to credentials.
- Public Sector: Ransomware accounted for 61 per cent of malware-based incidents. 33 per cent of breaches are accidents caused by insiders. However, organisations have got much better at identifying breaches: only six per cent lay undiscovered for a year compared with 47 per cent previously, linked to legislative reporting requirements.
The 81 contributors involved with the 2020 DBIR have provided the report with specific insights into regional cyber-trends highlighting key similarities and differences between them. For example, financially-motivated breaches in general accounted for 91 per cent of cases in Northern America, compared to 70 per cent in Europe, Middle East and Africa and 63 per cent in Asia Pacific. Other key findings include:
- Northern America: The technique most commonly leveraged was stolen credentials, accounting for over 79 per cent of hacking breaches; 33 per cent of breaches were associated with either phishing or pretexting.
- Europe, Middle East and Africa (EMEA): Denial of Service (DoS) attacks accounted for over 80 per cent of malware incidents; 40 per cent of breaches targeted web applications, using a combination of hacking techniques that leverage either stolen credentials or known vulnerabilities. Finally, 14 per cent of breaches were associated with cyber-espionage.
- Asia Pacific (APAC): 63 per cent of breaches were financially-motivated, and phishing attacks are also high, at over 28 per cent.
Alex Pinto, Lead Author of the Verizon Data Breach Investigations Report, comments: “Security headlines often talk about spying, or grudge attacks, as a key driver for cyber-crime – our data shows that is not the case. Financial gain continues to drive organised crime to exploit system vulnerabilities or human error. The good news is that there is a lot that organisations can do to protect themselves, including the ability to track common patterns within cyber-attack journeys – a security game changer – that puts control back into the hands of organisations around the globe.”