Industrial organizations always attract attention from both cybercriminals and politically-motivated threat actors. Reflecting on the previous half year, we have seen among other findings, growth in the number of cyberespionage and malicious credential stealing campaigns. Their success has most likely been the main factor raising the ransomware threat to such [...]
Changes in the real world often occur rapidly, and rarely give advanced notice of their arrival.
Organizations are forced to react to these events quickly, and to make decisions regarding their security stance accordingly. The wisest decisions are informed decisions. While no one can accurately predict the threats they may have to face next month or next year, they can discern what eventualities are most probable and prepare for those.
This year’s the Verizon Data Breach Investigations Report (DBIR) is the 14th iteration and is powered by 83 contributing organizations—the highest number yet.
The DBIR team analyzed 29,207 real-world security incidents, of which 5,258 were confirmed breaches, to create the 2021 DBIR.
Ransomware is still on the rise.
Ransomware appears in 10% of breaches—more than double the frequency from last year. This upward move was influenced by new tactics, where some ransomware now steals the data as they encrypt it. That puts Ransomware now in third place among actions causing breaches.
Vox populi… (might have said too much).
Eighty-five percent of breaches involved the human element. Phishing was present in 36% of breaches in our dataset, up from 25% last year. Business Email Compromises (BECs) were the second-most common form of Social Engineering. This reflects the rise of Misrepresentation, which was 15 times higher than last year.
Errors were (slightly) less of a problem.
Errors decreased last year as a percentage of breaches (from 22% to 17%), though they increased in absolute terms from 883 to 905 breaches. This breaks a three-year streak in Errors percentage either growing or remaining consistent.
Attackers still like your web apps.
Attacks on web applications continue to be high. They are the main attack vector in Hacking actions, with over 80% of breaches. In addition, Desktop sharing has moved into second place in Hacking vectors.
Mostly cloudy
Compromised external cloud assets were more common than on-premises assets in both incidents and breaches. Conversely, there was a decline of user devices (desktops and laptops) being compromised. This makes sense when we consider that breaches are moving toward Social and Web application vectors, such as gathering credentials and using them against cloud-based email systems.
What’s the password?
Some things never seem to change: Breaches, as always, continue to be mostly due to external, financially motivated actors. And 61% of breaches involved credential data.
That was quite a year.
In August 2020, we speculated COVID-19 would lead to an increase in Phishing, Ransomware, Errors and Use of stolen credentials on web applications. In the 2021 DBIR, we found we were partially correct: Phishing increased by 11% and Ransomware increased by 6%. But the Use of stolen creds and publishing errors stayed consistent with last year (1% and -0.5% respectively), while Misconfiguration and Misdelivery decreased as a percentage of errors (-2% and -6% respectively).
Breaches have price tags.
This year, we attempted a deeper analysis of the impact of breaches on organizations. Using loss data, insurance cost data and stock price data, we have modeled the range of losses due to incidents.
The good news?
Fourteen percent of simulated breaches had no impact. But don’t count on that for your organization’s security plan. The median for incidents with an impact was $21,659, with 95% of incidents falling between $826 and $653,587.
A merchant is defined as any entity that accepts payment cards from the five brands (American Express, Discover, JCB, MasterCard, or Visa) The PCI Security Standards Council defines a service ...
We use cookies to optimize our website and our service.
Functional
Toujours activé
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.