2020 Verizon Data Breach Investigations Report – The Findings
Last month Verizon released their annual Data Breach Investigations Report (DBIR) produced by the Verizon Threat Research Advisory Center (VTRAC), providing a snapshot of the current state of the fight against cybercrime, focusing specifically on data breaches. Now in its 13th year, the 2020 Verizon Data Breach report analyses 32,002 security incidents including 3,950 confirmed breaches, across 81 countries and 16 business sectors.
As an important tool for keeping security teams informed, we’ve pulled out the key findings from the report to help you to identify common attack vectors and patterns to review the security controls that will give you the best chance of preventing data breaches.
What’s New in the Report?
While the report continues along a similar vein to previous years, it has grown in its reach. The analysis included new industries and countries and for the first time ever looked at data breaches from a regional viewpoint. With new statistical processes and protocols and more data than ever, the 2020 report gives an extremely comprehensive analysis of global data breaches.
What Were the Key Findings?
As with previous reports, there are a lot of figures to try to digest. However, the report splits its key findings into three fundamental areas:
- The tactics – 45% of breaches featured hacking, 22% began with internal errors, and 22% included social attacks.
- The attackers – 70% of breaches were committed by external actors, 30% involved internal actors, and organised criminal groups were behind 55% of attacks.
- The victims – 81% of breaches were contained in days or less, 72% of breaches involved large businesses, and 58% of victims had personal data compromised.
What many attacks had in common was financial motivation, an incredible 86% in fact, up from 71% in 2019. Web applications were involved in almost half of the breaches, showing an increase in cloud-based data under attack, and common methods of attack included stealing user credentials, using ransomware and phishing.
The report highlights some key trends that we should all be mindful of. Firstly, attackers have continued to adapt in a world where businesses are making it more difficult for them. The findings indicate a reduction in the use of malware and a continued rise in social engineering and phishing. It is clear that the need for behaviour-based security is paramount to combat these modern attacks. After all, attackers will follow the path of least resistance, taking advantage of people and online opportunities.
Specific Industry and Regional Findings
The question we are all asking is how at risk our business is to a data breach. And, ultimately, the answer to that question is that we all are. The Verizon report has demonstrated that a significant percentage of breaches involved large companies, however, smaller businesses are far from immune. More and more small and medium-sized enterprises are using cloud and web-based applications, which makes them a prime target for today’s hackers. Regardless of the size of your business, phishing, social engineering, and web-based attacks are a real threat.
The 2020 report focused on the detailed analysis of 16 business sectors and showed there are differences across industries. Manufacturing saw a lower percentage of malware incidents, retail saw almost all breaches being financially motivated with payment data being a key prize, and finance saw a huge rise in web applications attacks due to the move to online services. In educational services, ransomware attacks doubled and in healthcare human error accounted for a larger percentage of breaches than in other industries. However, healthcare remains the industry with the highest volume of internal threat actors due to having broader access to credentials.
In terms of regional trends, North America swayed stolen credentials as the most commonly leveraged technique, Europe and the Middle East saw 40% of breaches targeted web applications using a combination of hacking techniques, and Asia Pacific saw a higher rate of phishing attacks.
How to Protect Your Business Against Data Breaches
While there are differences in the methods used, what we can deduce is that financial gain is the key driver of organised crime, increasing year-on-year. Cybercriminals aim to exploit system vulnerabilities and human error and will continue to do so. However, there is a lot that businesses can do to protect themselves. The Verizon report talks about the ability to track common patterns within cyber-attack journeys as a security game-changer.
As our businesses become ever-more dependent on remote working and web-based applications, end-to-end security becomes a must. We need to not only protect our systems from attack but to educate our employees to build our cybersecurity posture and defend ourselves from breaches.
To access the full report click here.
You may also be interested in reading our Responding to Cyber Attacks Executive Summary.
see our
Related resources
Cybersecurity should be front of mind for every organisation, especially in the wake of the current global pandemic. Our ways of working have changed immensely, with a surge in the volume of remote workers using different networks, devices, and platforms. Meanwhile, our businesses are using cloud computing and IoT technologies to facilitate new ways of working, reduce costs, and improve performance. The result is that the attack surface has increased, and with that comes an increase in the volume of cyber threats.
There are images of extensive, verbose documents, complex definitions, and eye-watering Excel sheets when the term GRC is mentioned. For the past two decades, GRC has been central to core business processes across many organisations at both ends of the enterprise spectrum, as well as in the small-to-medium business space in recent times.
But the world has moved on; organisations are forced to embrace digital disruption and agility if they haven’t done so whole-heartedly. And this very disruption is positioning GRC to become less-than-ideal to solve the challenges that said disruption brings with it.
Phishing attacks have increased dramatically over the last few years, with the global pandemic escalating the situation further. Cybercriminals take advantage of insecurities and fear and play on human nature to trick and deceive. In fact, according to the OAIC, phishing attacks that involved compromised credentials accounted for 30% of all cyber incidents in the first half of 2021. And human error formed a major source of these breaches. Unfortunately, due to the clever social engineering tactics used by cybercriminals, technical filters alone aren’t sufficient to protect against phishing.
Mimecast recently released its State of Email Security Report for 2021. The fifth edition of its annual report used interviews with over twelve hundred of information technology and cybersecurity professionals across the globe to gather vital cybersecurity insights. The report offers an insight into the latest email threats along with advice on how to build cyber resilience and mitigate the risks of email-borne attacks.
Secure Access Service Edge, better known as SASE (pronounced sassy – yes that is right) was one of the new security terms on the block in 2019. But it’s actually been around for some time, just without its official moniker. It is expected that by 2024, at least 40% of enterprises will have strategies in place to adopt SASE, according to Gartner.
In this post, Cloud Security Engineer, Will Michail takes a look at why its popularity is increasing now, what the term means and how vendors and organisations are utilising it to enable digital transformation.
We're Here To Help