A deep dive into this key industry report looks at the conclusions drawn from 32,000 security incidents and 3,950 confirmed breaches from 81 countries. Experts give their takeaways.
Financial gain remains the key motivation for cybercrime despite extensive media coverage of espionage, accounting for 86 percent of breaches investigated in the Verizon Business 2020 Data Breach Investigations Report (DBIR).
The vast majority of breaches continue to be caused by external actors - 70 percent - with organised crime accounting for 55 percent of these.
Credential theft and social attacks such as phishing and business email compromises cause the majority of breaches (more than 67 percent).
Thirty percent of credential theft breaches used stolen or weak credentials and 25 percent involved phishing while human error accounted for 22 percent.
- DBIR data continues to show that external actors are - and always have been - more common. Some 70 percent of breaches this past year were caused by outsiders.
- While espionage grabs the headlines, it accounts for just 10 percent of breaches in the data for this year. Some 86 percent of breaches continue to be financially motivated. Advanced threats account for just four percent of breaches.
- Credential theft, social attacks such as phishing and business email compromise and errors are the cause of most breaches (67 percent or more).
- Some 27 percent of malware incidents are ransomware, with 18 percent of organisations blocking at least one piece of ransomware.
- Attacks on web apps made up 43 percent of breaches, doubling the previous year’s figures. With the move of businesses to cloud services, it makes sense for attackers to follow. The most common methods use stolen or brute-forced credentials (more than 80 percent) while less than 20 percent exploit vulnerabilities.
- Personal data was involved in 58 percent of breaches, almost doubling on last year’s data. It included email addresses, names, phone numbers, physical addresses and other types of data found in an email or stored in a misconfigured database.
- The data showed a high number of internal-error-related breaches (881, versus last year’s 424). The report said the increase is likely due to improved reporting requirements because of new legislation rather than more frequent mistakes from insiders.
- Security tools are doing a better job of blocking common malware. Data from the report shows that Trojan-type malware peaked at just under 50 percent of all breaches in 2016 and has since dropped to just 6.5 percent. Malware sampling shows 45 percent of malware is from “droppers, backdoors or keyloggers”.
- Fewer than five percent of breaches involved the exploitation of a vulnerability. The data did not show attackers attempting these kinds of attacks that often. Just 2.5 percent of security information and event management (SIEM) events involved exploiting a vulnerability.
The 2020 DBIR showed that common patterns could be found within cyber-attack journeys, enabling businesses to “determine the bad actors’ destination” while attacks are in progress.
When they are linked to the order of threat actions (error, malware, physical or hacking), breach pathways can be used to predict the target.
This means attacks can be stopped in their tracks, offering a “defender’s advantage”.
The report said a growing number of small and medium-sized businesses are using cloud- and web-based applications and tools.
The take-up has made them targets for cyber-attackers.
2020 DBIR findings show that phishing is the biggest threat for small firms, accounting for more than 30 percent of breaches.
Next comes the use of stolen credentials (27 percent) and password dumpers (16 percent). Most often, attackers targeted credentials, personal data and business-related data such as medical records, internal secrets or payment information.
More than 20 percent of attacks were against web applications using stolen credentials.
- 86 percent of data breaches for financial gain - up from 71 percent in 2019
- Cloud-based data under attack - web application attacks double to 43 percent
- 67 percent of breaches caused by credential theft, errors and social attacks
- Clearly identified cyber-breach pathways enable a “defender advantage” in the fight against cyber-crime
- On-going patching has been successful - fewer than 1 in 20 breaches exploit vulnerabilities
The 2020 DBIR also provided a detailed analysis of industries, showing significant differences across business verticals.
Some 29 percent of breaches come in the manufacturing sector, where external actors use malware such as password dumpers, app data capturers and downloaders to obtain proprietary data for financial gain.
Almost all of the incidents in retail, some 99 percent, were financially motivated, with payment data and personal credentials the goals. The main cause of retail breaches is web applications, rather than Point of Sale (POS) devices.
Financial and insurance
Almost a third (30 percent) of breaches were caused by web application attacks. This was primarily driven by external actors using stolen credentials to get access to sensitive data stored in the cloud. The transition to online services has been highlighted as a key factor.
Ransomware attacks doubled this year, making up around 80 percent of malware attacks compared to 45 percent last year. Social engineering accounted for 27 percent of incidents.
Some 31 percent of healthcare breaches came from basic human error. External breaches were at 51 percent, up from 42 percent last year, slightly more common than insiders at 48 percent (59 percent in 2019). The industry has the highest number of internal bad actors, because of greater access to credentials.
Some 61 percent of malware-based incidents were down to ransomware, while 33 percent of breaches were accidents caused by insiders. These types of organisations have improved on identifying breaches, with just six percent lying undiscovered for a year compared with 47 percent previously. This was linked to legislative reporting requirements.
Analysis of geography
The report found that financially motivated breaches, in general, accounted for 91 percent of cases in Northern America, compared to 70 percent in Europe, Middle East and Africa and 63 percent in Asia Pacific.
In Northern America, the technique most commonly used was stolen credentials, accounting for more than 79 percent of hacking breaches. Some 33 percent of breaches were associated with either phishing or pretexting.
In Europe, Middle East and Africa (EMEA) Denial of Service (DoS) attacks accounted for more than 80 percent of malware incidents; 40 percent of breaches targeted web applications, using a combination of hacking techniques that leverage either stolen credentials or known vulnerabilities. Just 14 percent of breaches were associated with cyber-espionage.
In Asia Pacific (APAC), 63 percent of breaches were financially motivated, and phishing attacks were also high, at over 28 percent.
Alex Pinto, lead author of the Verizon Business Data Breach Investigations Report
“Security headlines often talk about spying, or grudge attacks, as a key driver for cyber-crime - our data shows that is not the case.
“Financial gain continues to drive organised crime to exploit system vulnerabilities or human error. The good news is that there is a lot that organisations can do to protect themselves, including the ability to track common patterns within cyber-attack journeys - a security game changer - that puts control back into the hands of organisations around the globe.”
Mark Bower, SVP at comforte AG
“The report shows the Great Digital Train Robbery is alive and well. External, multi-faceted and industrialised hacking continues to pepper large enterprises at 72 percent of overall victims. It’s no surprise that web applications, around 45 percent of attacks, expose technology services firms, retail, financial and insurance services and professional services most to compromise. They are the highest aggregators of highly sensitive data with substantial third-party data sharing risk.
“Personal data theft is trending up, now 49 percent of retail breaches, overtaking payment data at 47 percent, putting privacy regulation risk high on the compliance agenda. 70 percent of breaches were from external actors, insiders 30 percent, and humans left doors open in 22 percent of cases. In a world quickly moving to post-Covid cloud IT, now 24 percent of investigated breaches, enterprises have no choice but to modernise data security strategies to neutralise data from attack or become a victim.