Are you familiar with the Verizon Data Breach Investigations Report (DBIR)? If not, this is an annual analysis of the security incidents that occurred over the course of a year. It centers most of the work on data breaches. It was first published in 2008. Since then, they have increased the number of organizations’ data (public and private) they collect to provide a more robust report on breaches, threat actors, types of organizations targeted, and more.
This year, the Data Breach Report was built out of 5,258 breaches from 88 countries around the world. The largest number they have ever reported, and it turned into a 119-page publication. Going through its pages, we found many interesting and important pieces of information that we think will help you, our readers, better understand what happened during the first year of the pandemic in the cybersecurity industry.
We don’t expect you to read through all the pages. But, if you want to do it, please take your time so you can fully digest their findings. You can access the report using this link. In this blog post, we share a summary of what we consider major trends that can impact your actions and plans to prevent cybersecurity incidents in your organizations.
Key Findings From the Verizon Data Breach Report 2021
Just as the DBIR states, this “publication is not in the business of prediction… you don’t need a crystal ball, a neural network, or next-gen AI to tell you what the norm is,” but it can be beneficial when creating or updating your response strategy. For example, by understanding how a normal data breach happens, you can improve against it and the exceptions.
1- Organized crime continues to dominate, year after year, the number one position when it comes to attackers. In fact, 80% of data breaches are attributed to them. However, we find it important to say that the study did find a decrease in internal actors being the cause of data breaches.
2- The vast majority of data breach attacks are due to financial reasons. Espionage and other motivations are only responsible for less than 10% of the attacks.
3- Even with the pandemic going on, the top action varieties in breaches remained the same from the past report. Phishing is still number one, but with the pandemic, we saw an increase from 25% to 36% of breaches attributed to it.
4- Ransomware attacks are on the rise. The report concludes that it is the third cause of data breaches, and it doubled its frequency from last year.
5- Human factor continues to be one of the biggest cybersecurity threats. 85% of data breaches involve a human element, and to make things even scarier for organizations, the report claims that employees are still making mistakes that cause security incidents and breaches.
6- External cloud assets are more likely to be compromised by an attack than on-premises assets.
7- Attackers are using older vulnerabilities to exploit and gain access to systems and networks. Making it clear that organizations need to improve their patching performance. “To patch smarter, not harder, by using vulnerability prioritization not necessarily to improve security, but to improve organization’s productivity.” To put it in other words, you are taking steps further from downtime for every patch you apply.
8- Hackers are looking to steal credentials, in fact, it is the most sought-after data type, and it is the fastest to get compromised.
9- Privilege misuse and system intrusion are the types of breaches that take longer to be discovered by an organization.
10- The average cost of a business email compromise attack is $19,296. At the same time, the median loss in a ransomware attack was $11,150.
This year the Data Breach Report included the analysis of 12 industries, demonstrating that each one of them suffered attacks and threats in different ways. This will vary according to their infrastructure, the data they collect, and their interactions with groups of interest (customers, employees, vendors, and others). Some of them are:
1- Financial and insurance organizations frequently face credential and ransomware attacks from external actors.
2- Healthcare is still vulnerable to human factors as misdelivery is the most common error causing security problems. On a more positive note, since 2019, the industry has seen a shift from branches caused by internal actors to external actors that are looking to compromise both personal (66%) and medical (55%) data.
3- Public administration has been the perfect target for social engineering attacks, as hackers have managed to craft credible phishing emails to gain access to credentials (80%) and personal information (18%).
4- The retail industry faces financially motivated attacks of criminals trying to get credit cards and personal information. The most common social tactics in this sector are pretexting and phishing.
As we said before, these numbers give us a better understanding of what has been the most common behavior for cybercriminals and data breaches over the last year. It can help us prepare and plan our security measures, but we cannot consider them to predict the future of our organization. A word of advice would be to put in place security training for everyone in your staff, patch and solve past vulnerabilities, and establish an identity and access management to better control who has access to technology.