Industrial organizations always attract attention from both cybercriminals and politically-motivated threat actors. Reflecting on the previous half year, we have seen among other findings, growth in the number of cyberespionage and malicious credential stealing campaigns. Their success has most likely been the main factor raising the ransomware threat to such [...]
Changes in the real world often occur rapidly, and rarely give advanced notice of their arrival.
Organizations are forced to react to these events quickly, and to make decisions regarding their security stance accordingly. The wisest decisions are informed decisions. While no one can accurately predict the threats they may have to face next month or next year, they can discern what eventualities are most probable and prepare for those.
Key takeaways
VERIZON 2021 – Data Breach Investigations Report
The DBIR team analyzed 29,207 real-world security incidents, of which 5,258 were confirmed breaches, to create the 2021 DBIR.
Ransomware is still on the rise.
Ransomware appears in 10% of breaches—more than double the frequency from last year. This upward move was influenced by new tactics, where some ransomware now steals the data as they encrypt it. That puts Ransomware now in third place among actions causing breaches.
Vox populi… (might have said too much).
Eighty-five percent of breaches involved the human element. Phishing was present in 36% of breaches in our dataset, up from 25% last year. Business Email Compromises (BECs) were the second-most common form of Social Engineering. This reflects the rise of Misrepresentation, which was 15 times higher than last year.
Errors were (slightly) less of a problem.
Errors decreased last year as a percentage of breaches (from 22% to 17%), though they increased in absolute terms from 883 to 905 breaches. This breaks a three-year streak in Errors percentage either growing or remaining consistent.
Attackers still like your web apps.
Attacks on web applications continue to be high. They are the main attack vector in Hacking actions, with over 80% of breaches. In addition, Desktop sharing has moved into second place in Hacking vectors.
Mostly cloudy
Compromised external cloud assets were more common than on-premises assets in both incidents and breaches. Conversely, there was a decline of user devices (desktops and laptops) being compromised. This makes sense when we consider that breaches are moving toward Social and Web application vectors, such as gathering credentials and using them against cloud-based email systems.
What’s the password?
Some things never seem to change: Breaches, as always, continue to be mostly due to external, financially motivated actors. And 61% of breaches involved credential data.
That was quite a year.
In August 2020, we speculated COVID-19 would lead to an increase in Phishing, Ransomware, Errors and Use of stolen credentials on web applications. In the 2021 DBIR, we found we were partially correct: Phishing increased by 11% and Ransomware increased by 6%. But the Use of stolen creds and publishing errors stayed consistent with last year (1% and -0.5% respectively), while Misconfiguration and Misdelivery decreased as a percentage of errors (-2% and -6% respectively).
Breaches have price tags.
This year, we attempted a deeper analysis of the impact of breaches on organizations. Using loss data, insurance cost data and stock price data, we have modeled the range of losses due to incidents.
The good news?
Fourteen percent of simulated breaches had no impact. But don’t count on that for your organization’s security plan. The median for incidents with an impact was $21,659, with 95% of incidents falling between $826 and $653,587.
A merchant is defined as any entity that accepts payment cards from the five brands (American Express, Discover, JCB, MasterCard, or Visa) The PCI Security Standards Council defines a service ...
