Tuesday, 18 May 2021 21:48

Cybercrime thrives during pandemic, phishing, ransomware and web app attacks on the rise: Verizon 2021 Data Breach Investigations Report

By

The Verizon Business 2021 Data Breach Investigations Report (2021 DBIR) examines more breaches than ever before, and sheds light on how the most common forms of cyber-attacks affected the international security landscape during the global pandemic.

Cybercrime thrives during pandemic, phishing, ransomware and web app attacks on the rise: Verizon 2021 Data Breach Investigations Report. This year’s incredibly detailed 119-page report, now in its 14th edition, is freely downloadable here.

It analysed 29,207 security incidents, of which 5,258 were confirmed breaches - a significant increase on the 3,950 breaches analysed in last year’s report. Data was collected from 83 contributors, with victims spanning 88 countries; 12 industries, and 3 world regions.

With an unprecedented number of people working remotely, Verizon’s research has uncovered phishing and ransomware attacks increased by 11% and 6% respectively, with instances of Misrepresentation increasing by 15 times compared to last year.

hit
counter joomla

Additionally, breach data showed that 61% of breaches involved credential data (95% of organisations suffering credential stuffing attacks had between 637 and 3.3 billion malicious login attempts through the year).

The report also highlighted the challenges facing businesses as they move more of their business functions to the cloud – with attacks on web applications representing 39% of all breaches.

“The COVID-19 pandemic has had a profound impact on many of the security challenges organisations are currently facing,” said Tami Erwin, CEO, Verizon Business.

“As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures”.

This year, the Incident Classification Patterns the DBIR report team uses to classify security threats have also been improved and refreshed. The updated report patterns explain 95.8% of analysed breaches and 99.7% of analysed incidents over all time, and should provide customers with a better understanding of the threats that exist, and how their organisations can best avoid them.

Industries under the spotlight

The 2021 DBIR includes detailed analysis of 12 industries, and shows that, while security remains a challenge across the board, there are significant differences across verticals. For example, in Financial and Insurance industries, 83% of data compromised in breaches was personal data, whilst in Professional, Scientific and Technical services only 49% was personal. Further highlights include:

  • Financial and Insurance – Misdelivery represented 55% of Financial sector errors. The Financial sector frequently faces credential and Ransomware attacks from External actors.
  • Healthcare - Basic human error continues to beset this industry as it has for the past several years. The most common Error continues to be Misdelivery (36%), whether electronic or of paper documents.
  • Public Administration - By far the biggest threat in this industry is the social engineer. Actors who can craft a credible phishing email are absconding with Credentials data at an alarming rate in this sector.
  • Retail Trade - The Retail industry continues to be a target for Financially motivated criminals looking to cash in on the combination of Payment cards and Personal information this sector is known for. Social tactics include Pretexting and Phishing, with the former commonly resulting in fraudulent money transfers.

Regional trends

The 83 contributors involved with the 2021 DBIR have provided the report with specific insights into regional cyber-trends highlighting key similarities and differences between them.

  • Asia Pacific (APAC) - Many of breaches that took place in APAC were caused by Financially motivated attackers Phishing employees for creds, and then using those stolen creds to gain access to mail accounts and web application servers.
  • Europe, Middle East and Africa (EMEA) - EMEA continues to be beset by Basic Web Application Attacks, System Intrusion, and Social Engineering.
  • Northern America (NA) – NA is often the target of Financially motivated actors searching for money or easily monetisable data. Social Engineering, Hacking and Malware continue to be the favoured tools utilised by actors in this region. 

Alex Pinto, Lead Author of the DBIR, comments, “When you read the contents of the report, it is tempting to think that a vast array of threats demands a sweeping and revolutionary solution. However, the reality is far more straightforward. The truth is that, whilst organisations should prepare to deal with exceptional circumstances, the foundation of their defences should be built on strong fundamentals – addressing and mitigating the threats most pertinent to them.”

Below is a replay of the Cybercrime and the pandemic virtual event, which launched the DBIR 2021 report. The report can be downloaded in full here.

It is a virtual fireside chat with Nasrin Rezai (Chief Information Security Officer, Verizon), Sampath Sowmyanarayan (Chief Revenue Officer, Verizon) and Chris Novak (Director Professional Services, Verizon), and they discussed the security challenges heightened by the pandemic and the cybercrime trends that will continue to shape business security.

 


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Alex Zaharov-Reutt

Alex Zaharov-Reutt is iTWire's Technology Editor is one of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments