Data breaches are on the rise according to the Verizon Business 2021 Data Breach Investigations Report (2021 DBIR).

The report has examined more breaches than ever before and sheds light on how the most common forms of cyber-attacks affected the international security landscape during the global pandemic. It analyses 29,207 quality incidents, of which 5,258 were confirmed breaches from 83 contributors across the globe. It is a third more breaches analysed than last year.

As per the report, phishing and ransomware attacks increased by 11 per cent and 6 per cent respectively. Instances of misrepresentation increased by 15 times compared to last year.

Additionally, as per the analysis of breach data, 61 per cent of breaches involved credential data. 95 per cent of organisations that suffered credential stuffing attacks had between 637 and 3.3 billion malicious login attempts through the year, it said.

As businesses move to the cloud amid digital transformation, attacks on web applications have increased, representing 39 per cent of all breaches.

“The COVID-19 pandemic has had a profound impact on many of the security challenges organisations are currently facing,” said Tami Erwin, CEO, Verizon Business.

“As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures,” added Erwin.

Regional trends

The report further traced certain regional trends based on the contributions. As per the trends, a significant number of breaches in the Asia Pacific (APAC) were caused by financially motivated attackers.

“Phishing employees for creds, and then using those stolen creds to gain access to mail accounts and web application servers,” it said.

Northern America (NA) was also often the target of financially-motivated actors searching for money or easily monetisable data.

“Social Engineering, Hacking and Malware continue to be the favoured tools utilized by actors in this region,” as per the report.

Apart from this, Europe, West Asia and Africa (EMEA) countries continued to be beset by Basic Web Application Attacks, System Intrusion, and Social Engineering.

Significant differences in cyber threats across verticals

As for cybersecurity of various industries, the 2021 DBIR shared a detailed analysis of 12 industries.

According to the report, “while security remains a challenge across the board, there are significant differences across verticals.”

For instance, 83 per cent of compromised data in the Financial and Insurance industries was personal data, whilst in Professional, Scientific and Technical services only 49 per cent was personal.

Furthermore, misdelivery represented 55 per cent of Financial sector errors. The Financial sector frequently faces credential and Ransomware attacks from External actors.

Misdelivery was also the most common error (36 per cent) in the healthcare industry.

In Public Administration, the biggest threat by far is social engineering.

“Actors who can craft a credible phishing email are absconding with Credentials data at an alarming rate in this sector,” the report said.

The Retail industry continued to be a target for financially motivated criminals “looking to cash in on the combination of payment cards and personal information this sector is known for. Social tactics include pretexting and phishing, with the former commonly resulting in fraudulent money transfers,” as per the report.

Alex Pinto, the Lead Author of the DBIR, said, “When you read the contents of the report, it is tempting to think that a vast array of threats demands a sweeping and revolutionary solution. However, the reality is far more straightforward. Whilst organizations should prepare to deal with exceptional circumstances, the foundation of their defences should be built on strong fundamentals - addressing and mitigating the threats most pertinent to them.”

Related Topics
comment COMMENT NOW