2020 was definitely not a usual year. The pandemic created major challenges for IT security teams, and companies were compelled to accelerate their digital transformation strategies and greatly expand their remote working capacities. Threat actors seized the opportunities created by the pandemic and took advantage of weaknesses in security defenses to gain access to company systems and sensitive information.
According to the recently released Verizon 2021 Data Breach Investigations Report (DBIR), 2020 saw more phishing, ransomware and web application attacks. The report gives insight into the strategies, techniques and methods employed by nation-state actors and cybercriminal gangs and how these evolved throughout the pandemic.
To produce the Verizon 2021 Data Breach Investigations Report, the analysts looked into 79,635 cases, of which 29,207 satisfied the necessary quality criteria and 5,258 were verified data breaches, spread across 88 nations. That is 33% more data breaches than in last year's DBIR.
2020 saw an 11% increase in phishing attacks, and incidents of misrepresentation, such as email impersonation attacks, were 15 times as numerous as in 2019. Ransomware attacks increased by 6%, with 10% of 2020's data breaches involving the use of ransomware, double the number of the prior year.
Across all industry sectors, phishing was the leading cause of data breaches, accounting for 36% of cases. The researchers attributed the rise in phishing attacks to the pandemic, as COVID-19 and other pandemic-related lures were widely used in targeted attacks on people working from home. Though phishing attacks and the use of stolen credentials are connected, the researchers found that attacks involving stolen credentials stayed at the same level as the prior year and accounted for 25% of breaches. Exploitation of vulnerabilities was likewise prevalent; however, in the majority of cases the vulnerabilities exploited were not new ones but ones that had gone unpatched for a number of months or years.
The surge in remote working pushed companies to shift many of their business capabilities to the cloud, and protecting those cloud resources is a big challenge. 39% of all data breaches involved attacks on web applications. Attacks on external online assets were far more prevalent than attacks on on-site assets.
61% of data breaches were due to credential theft, which is in line with prior Data Breach Investigations Reports. 85% of data breaches had a human component. In most cases (80%), data breaches were discovered by a third party rather than by the breached entity.
There were substantial differences in attacks and data breaches across the 12 industry verticals covered in the report. In healthcare, human error remained the primary cause of data breaches, as it has been for the last few years. The most prevalent cause of data breaches was error in the delivery of paper and electronic records (36%); however, this was much greater in the financial industry (55%). In public administration, the primary source of data breaches was social engineering, for example phishing attacks to acquire credentials.
Verizon examined 655 healthcare security cases, which involved 472 data breaches. There were 106 cases involving social attacks, 137 involving human error, 178 involving hacking, and 221 involving malware. For two consecutive years, breaches involving malicious insiders have been absent from the top three types of attack. Although it is definitely good that the volume of malicious insider cases is falling, that doesn't mean these cases are no longer happening. It may suggest that malicious insiders are getting better at hiding their tracks. Attacks by external threat actors increased considerably, with cyberattacks on the healthcare industry frequently using ransomware. 61% of cases were due to external threat actors and 39% were due to internal data breaches.
Surprisingly, considering the value of medical information on the black market, medical information wasn't the most frequently breached type of data. Healthcare information was compromised in 55% of data breaches, while personal data was compromised in 66% of cases. 32% of breaches used stolen credentials. Verizon suggests that this may be because of opportunistic attacks by external threat actors. If, for example, controls are much stricter on medical information, an attacker might only manage to access personal information, which may still be used for financial scams. In other words, they take what they can get and leave.
Breach identification has continued to improve since 2016, when the identification of most data breaches took months or even longer. Most data breaches today take only days to identify, though usually by a third party rather than by the breached organization.
The average cost of a data breach today is projected to be $21,659. 95% of data breaches cost between $826 and $653,587.