Study reveals nearly nine in 10 (86%) breaches investigated are financially-driven
Financial gain remains the key driver for cybercrime with nearly nine in 10 (86%) breaches investigated financially-driven, according to Verizon’s 2020 Data Breach Investigations Report. The vast majority of breaches continue to be caused by external actors - 70% - with organized crime accounting for 55% of these. Credential theft and social attacks such as phishing and business email compromises cause the majority of breaches (over 67%), and specifically:
- 37% of credential theft breaches used stolen or weak credentials.
- 25% involved phishing.
- Human error accounted for 22% as well.
The report also highlighted a year-over-year two-fold increase in web application breaches, to 43%, and stolen credentials were used in over 80% of these cases - a worrying trend as business-critical workflows continue to move to the cloud. Ransomware also saw a slight increase, found in 27% of malware incidents (compared to 24% in 2019); 18% of organizations reported blocking at least one piece of ransomware last year.
“As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount,” said Tami Erwin, CEO, Verizon Business. “In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious.”
Common patterns offer a Defender Advantage
The report has re-emphasized the common patterns found within cyber-attack journeys, enabling organizations to determine the bad actors’ destination while an attack is still in progress. Linked to the order of threat actions (e.g. Error, Malware, Physical, Hacking), these breach pathways can help predict the eventual breach target, enabling attacks to be stopped in their tracks. Organizations are therefore able to gain a “Defender’s Advantage” and better understand where to focus their security defenses.
Smaller businesses are not immune
The growing number of small and medium-sized businesses using cloud- and web-based applications and tools has made them prime targets for cyber-attackers. The report findings show that:
- Phishing is the biggest threat for small organizations, accounting for over 30% of breaches. This is followed by the use of stolen credentials (27%) and password dumpers (16%).
- Attackers targeted credentials, personal data and other internal business-related data such as medical records, internal secrets or payment information.
- Over 20% of attacks were against web applications, and involved the use of stolen credentials.
Industries under the cyber-spotlight
The report now includes detailed analysis of 16 industries, and shows that, while security remains a challenge across the board, there are significant differences across verticals. For example, in Manufacturing, 23% of malware incidents involved ransomware, compared to 61% in the Public Sector and 80% in educational services. Errors accounted for 33% of Public Sector breaches - but only 12% of Manufacturing. Further highlights include:
- Manufacturing: External actors leveraging malware, such as password dumpers, app data capturers and downloaders to obtain proprietary data for financial gain, account for 29% of Manufacturing breaches.
- Retail: 99% of incidents were financially-motivated, with payment data and personal credentials continuing to be prized. Web applications, rather than Point of Sale (POS) devices, are now the main cause of Retail breaches.
- Financial and Insurance: 30% of breaches here were caused by web application attacks, primarily driven by external actors using stolen credentials to get access to sensitive data stored in the cloud. The move to online services is a key factor.
- Educational Services: Ransomware attacks doubled this year, accounting for approximately 80% of malware attacks vs. last year’s 45%, and social engineering accounted for 27% of incidents.
- Healthcare: Basic human error accounted for 31% of Healthcare breaches, with external breaches at 51% (up from 42% in 2019), slightly more common than insiders at 48% (59% last year). This vertical remains the industry with the highest number of internal bad actors, due to greater access to credentials.
- Public Sector: Ransomware accounted for 61% of malware-based incidents. 33% of breaches are accidents caused by insiders. However, organizations have got much better at identifying breaches: only 6% lay undiscovered for a year compared with 47% previously, linked to legislative reporting requirements.
The 81 contributors involved with this year’s study have provided the report with specific insights into regional cyber-trends highlighting key similarities and differences between them. For example, financially-motivated breaches in general accounted for 91% of cases in Northern America, compared to 70% in Europe, Middle East and Africa and 63% in Asia Pacific. Other key findings include:
- Northern America: The technique most commonly leveraged was stolen credentials, accounting for over 79% of hacking breaches; 33% of breaches were associated with either phishing or pretexting.
- Europe, Middle East and Africa (EMEA): Denial of Service (DoS) attacks accounted for over 80% of malware incidents; 40% of breaches targeted web applications, using a combination of hacking techniques that leverage either stolen credentials or known vulnerabilities. Finally, 14% of breaches were associated with cyber-espionage.
- Asia Pacific (APAC): 63% of breaches were financially-motivated, and phishing attacks are also high, at over 28%.