The Verizon Business 2020 Data Breach Investigations Report (2020 DBIR) shows that financial gain remains the key driver for cybercrime with nearly nine in 10 (86 percent) breaches investigated financially-driven. The vast majority of breaches continue to be caused by external actors - 70 percent - with organized crime accounting for 55 percent of these. Credential theft and social attacks such as phishing and business email compromises cause the majority of breaches (over 67 percent), and specifically:
- 37 percent of credential theft breaches used stolen or weak credentials,
- 25 percent involved phishing
- Human error accounted for 22 percent as well.
The 2020 DBIR also highlighted a year-over-year two-fold increase in web application breaches, to 43 percent, and stolen credentials were used in over 80 percent of these cases - a worrying trend as business-critical workflows continue to move to the cloud. Ransomware also saw a slight increase, found in 27 percent of malware incidents (compared to 24 percent in 2019 DBIR); 18 percent of organizations reported blocking at least one piece of ransomware last year.
"As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount," said Tami Erwin, CEO, Verizon Business. "In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious."
Common patterns offer a Defender Advantage
The 2020 DBIR has re-emphasized the common patterns found within cyber-attack journeys, enabling organizations to determine the bad actors’ destination while they are in progress. Linked to the order of threat actions (e.g. Error, Malware, Physical, Hacking), these breach pathways can help predict the eventual breach target, enabling attacks to be stopped in their tracks. Organizations are therefore able to gain a “Defender’s Advantage” and better understand where to focus their security defenses.
Smaller businesses are not immune
The growing number of small and medium-sized businesses using cloud- and web-based applications and tools has made them prime targets for cyber-attackers. 2020 DBIR findings show that:
- Phishing is the biggest threat for small organizations, accounting for over 30 percent of breaches. This is followed by the use of stolen credentials (27 percent) and password dumpers (16 percent).
- Attackers targeted credentials, personal data and other internal business-related data such as medical records, internal secrets or payment information.
- Over 20 percent of attacks were against web applications, and involved the use of stolen credentials.
Industries under the cyber-spotlight