Most breaches and incidents are today from attacks that are financially or criminally motivated
Finance, healthcare and public services are the sectors that witnessed highest number of data breaches in 2016, according to the recently released 2017 Data Breach Investigations Report (DBIR) by Verizon, based on its study of more than 40,000 security incidents and close to 2,000 breaches in 84 countries. Information, retail and manufacturing follow closely.
Apart from dissecting the data across 20 industries, Verizon DBIR 2017 also analyzed the security incidents and breaches in terms of types of attacks and intentions behind the attacks. The analysis threw up some interesting insights.
The report classified the incidents/breaches into three broad groups based on intention. The buckets were FIG (Fun, Ideology, Grudge) or the traditional attackers, ESP or espionage including those by nation state actors and FIN or those with financial/criminal motives, often executed by organized criminal group actors. It is clear from the data that financial/criminal motives clearly dominate with espionage being a distant second. The FIG attacks are negligible in almost all types of incidents.
Take spyware/keylogger. As many as 94% cases were financially or criminally motivated and 6% were with an espionage objective. There was no case of amateur actors doing it for fun. Similarly, in case of use of stolen credentials, 95% cases were financially or criminally motivated. In case of phishing though, a significant percentage of cases (one in four) were related to espionage.
Web App attacks constituted the biggest pattern of successful attacks accounting for 26% of the breaches followed by cyber-espionage and privilege misuse accounting for close to 15% each. However, when it comes to overall incidents, Denial of Service still accounts for more than one-fourth of incidents. Privilege misuse and crimeware are the next biggest categories. Ransomware has the lion’s share in crimeware