Hacking, phishing and attacks on cloud-based data put strong focus on security for remote-working, according to the annual Verizon Business 2020 Data Breach Investigations Report _(2020 DBIR), which analyzes 32,002 security incidents and 3,950 confirmed breaches from 81 global contributors from 81 countries.
Key points
- 86% of data breaches for financial gain – up from 71% in 2019
- Cloud-based data under attack – web application attacks double to 43%
- 67% of breaches caused by credential theft, errors and social attacks
The report shows that financial gain remains the key driver for cybercrime with nearly nine in 10 (86%) breaches investigated financially-driven. The vast majority of breaches continue to be caused by external actors – 70% – with organized crime accounting for 55% of these. Credential theft and social attacks such as phishing and business email compromises cause the majority of breaches (over 67%), and specifically:
- 37% of credential theft breaches used stolen or weak credentials,
- 25% involved phishing
- Human error accounted for 22% as well.
The 2020 DBIR also highlighted a year-over-year two-fold increase in web application breaches, to 43%, and stolen credentials were used in over 80% of these cases – a worrying trend as business-critical workflows continue to move to the cloud. Ransomware also saw a slight increase, found in 27% of malware incidents (compared to 24% in 2019 DBIR); 18% of organizations reported blocking at least one piece of ransomware last year.
“As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount,” said Tami Erwin, CEO, Verizon Business. “In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious.”
Common patterns offer a Defender Advantage
The 2020 DBIR has re-emphasized the common patterns found within cyber-attack journeys, enabling organizations to determine the bad actors’ destination while they are in progress. Linked to the order of threat actions (e.g. Error, Malware, Physical, Hacking), these breach pathways can help predict the eventual breach target, enabling attacks to be stopped in their tracks. Organizations are therefore able to gain a “Defender’s Advantage” and better understand where to focus their security defenses.
Alex Pinto, lead author of the Verizon Business Data Breach Investigations Report, said in a statement: “Security headlines often talk about spying, or grudge attacks, as a key driver for cyber-crime – our data shows that is not the case. Financial gain continues to drive organized crime to exploit system vulnerabilities or human error. The good news is that there is a lot that organizations can do to protect themselves, including the ability to track common patterns within cyber-attack journeys – a security game changer – that puts control back into the hands of organizations around the globe.”
In the financial and insurance industries, 30% of breaches here were caused by web application attacks, primarily driven by external actors using stolen credentials to get access to sensitive data stored in the cloud. The move to online services is a key factor.
Breaking it down regionally: financially-motivated breaches in general accounted for 91% of cases in Northern America, compared to 70% in Europe, Middle East and Africa and 63% in Asia Pacific.