For 14 years now, Verizon has released the annual Data Breach Investigations Report (“DBIR”), which assesses the tactics and strategies cyber criminals used to conduct data breaches over the previous year. This year’s report is the biggest yet: the Verizon team analysed 5,258 confirmed data breaches from organisations around the world, up roughly 1,300 from the 3,950 in the previous report.
The 2021 installment also shines a light on how the COVID-19 pandemic altered online criminal activity. For organisations of all sizes, the DBIR is a useful resource for understanding the current state of the threat landscape. However, it is also 119 pages long – not exactly a lunchtime read!
To save you hours of reading, we’ve distilled the key takeaways from the report into a much more digestible blog format. We do, of course, recommend that IT and business leaders take a look through the full report, as it has a wealth of useful insights. Meanwhile, to whet your appetite, here are the main findings:
Ransomware rises in prominence and sophistication
In 2020, 10% of data breaches involved ransomware, more than double its frequency in 2019, which makes it the third most common malware variety seen in breaches. The Verizon team attributes part of this rise to a change in tactics, whereby ransomware attackers “take a copy of the data for use as leverage against their victims prior to triggering the encryption”.
This means that victims are more likely to pay a ransom: as well as having their files encrypted, they face the stolen copy being leaked. It is an example of the ‘cyber arms race’ between attackers and security teams. Organisations have learned that a tested backup strategy lets them recover encrypted files without paying, so attackers have added exfiltration and the threat of publication (so-called double extortion). Backups cannot mitigate the risk of exfiltrated data being published on the internet; limiting what a compromised account can reach, and detecting unusually large outbound transfers before the encryption stage, are the controls that address that half of the threat.
For our view on how to protect your company from ransomware, read our blog here.
Cyber criminals are phishing for human negligence
The report found that 85% of breaches involved ‘a human element’, meaning employees or other people with authorised access were manipulated by an attacker or had their login credentials stolen. The most common form of attack involving employees was phishing. As background, a phishing campaign usually takes the form of a fraudulent email sent to unsuspecting employees in the hope that they will open a malicious attachment, or click through to a fraudulent site and enter their username, password or other sensitive information.
The report shows that phishing saw a significant jump, appearing in 36% of breaches in 2020 compared with 25% in 2019. Verizon notes that this rise correlates with the surge in COVID-19-related phishing lures at the onset of the pandemic, when cyber criminals took advantage of the move to remote work and of international health concerns by impersonating health bodies, co-workers and contractors over email.
Business email compromise gains traction
Another type of social engineering attack to gain in prominence was Business Email Compromise (BEC), which was the second most common after phishing. In a BEC attack the criminal either takes over a genuine business email account, usually belonging to someone senior in the company, or impersonates one with a spoofed or lookalike sender address, and then uses it to deceive employees within the organisation, typically asking them to transfer funds or share sensitive information.
These attacks are especially effective because they appear to come from a legitimate business email address. Employees will often not think to question an instruction from an executive in their organisation, even one that seems a little unusual.
The growth of both BEC and phishing is troublesome for organisations, but there are ways to reduce the likelihood of your employees falling for such a scam. In particular, security awareness training and phishing simulations should be used in organisations of all sizes, backed by a process that requires out-of-band verification (for example, a phone call to a number already on file) before any payment is made or any bank details are changed on the strength of an email.
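The indicators described above (an executive's name on an outside address, a lookalike domain, a Reply-To that diverts replies, and payment or urgency language) can be checked mechanically before a message reaches an inbox. The following is an added example written for this post, not code from Verizon or the DBIR; the protected domain example.com, the one-entry executive roster and the three sample messages are all assumptions constructed for illustration.

```python
"""Flag common Business Email Compromise (BEC) indicators in inbound mail.

Added example for this post; it is not code from Verizon or the DBIR.
Assumed: the protected organisation's domain is example.com, a one-entry
executive roster, and the sample messages below are constructed.
"""
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                       # assumed protected domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}    # assumed roster: name -> real address
PAYMENT_WORDS = ("urgent", "wire", "transfer", "gift card", "confidential")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value against our domain means a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(addr: str) -> str:
    """Domain part of an address, lower-cased; empty if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def bec_indicators(msg: dict) -> list:
    """Return the BEC indicator names present in one message.

    msg maps header names to values and carries the text under "body".
    """
    flags = []
    name, addr = parseaddr(msg.get("From", ""))
    name, addr = name.strip().lower(), addr.lower()
    domain = sender_domain(addr)

    # 1. Display-name impersonation: a known executive's name on a different address.
    if name in EXECUTIVES and addr != EXECUTIVES[name]:
        flags.append("display-name-impersonation")

    # 2. Lookalike domain: within two edits of ours but not ours (examp1e.com).
    if domain and domain != COMPANY_DOMAIN and edit_distance(domain, COMPANY_DOMAIN) <= 2:
        flags.append("lookalike-domain")

    # 3. Reply-To steering replies to a domain other than the visible sender's.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and sender_domain(reply.lower()) != domain:
        flags.append("reply-to-mismatch")

    # 4. Language typical of payment and wire fraud.
    body = msg.get("body", "").lower()
    if any(w in body for w in PAYMENT_WORDS):
        flags.append("payment-or-urgency-language")

    return flags


def triage(messages: list) -> list:
    """(index, indicators) for every message with at least one indicator."""
    return [(i, f) for i, m in enumerate(messages) if (f := bec_indicators(m))]


# Constructed sample mail: one legitimate message, two BEC attempts.
SAMPLE_MESSAGES = [
    {"From": "Jane Doe <jane.doe@example.com>",
     "body": "Please see the board agenda attached."},
    {"From": "Jane Doe <ceo.janedoe@gmail.com>",
     "Reply-To": "ceo.janedoe@gmail.com",
     "body": "Urgent: wire $48,000 to the new supplier before 5pm. I am in meetings."},
    {"From": "Jane Doe <jane.doe@examp1e.com>",
     "body": "Can you send me the payroll file? Keep this confidential."},
]

if __name__ == "__main__":
    for idx, found in triage(SAMPLE_MESSAGES):
        print(f"message {idx}: {', '.join(found)}")
```

The edit-distance threshold of two is deliberately loose and will also match some legitimate domains that happen to be close to yours (sample.com against example.com, for instance), so in practice an allow-list of known partner domains sits in front of this check. None of these indicators proves fraud on its own; the point is to route messages carrying several of them to a human, and to the payment-verification process above, rather than straight to the finance team.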
Credentials are lucrative
As BEC shows, many social engineering attacks end in credential compromise, so it is no surprise that 61% of breaches involved credentials. For example, it is common for an attacker to run a phishing campaign to harvest logins, then use them to log in to a company’s systems and deploy malware.
For organisations, this finding highlights the importance of controls that go beyond the password itself, above all multi-factor authentication. Alongside this, organisations should enforce good access control practices: set a sensible minimum password length and screen new passwords against lists of known-breached passwords (current guidance such as NIST SP 800-63B favours this over character-composition rules); require unique passwords for different systems or, better, use a single sign-on tool so there are fewer passwords to manage; educate users not to share passwords; enforce least-privilege access; and disable user accounts and privileges as soon as they are no longer required.
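Two of those controls, password screening and removing access that is no longer needed, are simple to enforce in code. The following is an added example written for this post, not code from Verizon or the DBIR. It checks length and known-breach status rather than character-class rules; the 12-character minimum, the 90-day idle limit, the breached-password set and the account records are all constructed stand-ins, and a real deployment would query a full breached-password corpus rather than the three entries here.

```python
"""Credential hygiene checks: screen new passwords and find accounts to disable.

Added example for this post; it is not code from Verizon or the DBIR. The
breached-password set and the account records are constructed stand-ins.
"""
import hashlib
from datetime import date, timedelta

MIN_LENGTH = 12  # assumed policy value

# Constructed stand-in for a breached-password corpus, keyed by SHA-1 as the
# Have I Been Pwned range API does. In production, query the real corpus.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("Password123!", "Welcome2021", "Summer2020!!")
}


def password_problems(password: str, username: str = "") -> list:
    """Return policy violations for a candidate password (empty means accepted).

    Length plus breach screening rather than character-class rules: a long
    passphrase that has never leaked beats a short one with symbols in it.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too-short")
    if username and username.lower() in password.lower():
        problems.append("contains-username")
    if hashlib.sha1(password.encode()).hexdigest().upper() in BREACHED_SHA1:
        problems.append("known-breached")
    return problems


def accounts_to_disable(accounts: list, today: date, max_idle_days: int = 90) -> list:
    """Usernames whose access should be removed: leavers whose last day has
    passed, and accounts idle for longer than max_idle_days."""
    disable = []
    for acct in accounts:
        left_on = acct.get("left_on")
        if left_on is not None and left_on <= today:
            disable.append(acct["user"])
        elif today - acct["last_login"] > timedelta(days=max_idle_days):
            disable.append(acct["user"])
    return disable


# Constructed account records, as an identity system might export them.
AS_OF = date(2021, 6, 1)  # constructed "today" for the sample data
SAMPLE_ACCOUNTS = [
    {"user": "alice", "last_login": date(2021, 5, 28), "left_on": None},
    {"user": "bob",   "last_login": date(2021, 1, 4),  "left_on": None},              # idle
    {"user": "carol", "last_login": date(2021, 5, 20), "left_on": date(2021, 5, 21)},  # leaver
    {"user": "dave",  "last_login": date(2021, 5, 30), "left_on": date(2021, 6, 30)},  # leaving later
]

if __name__ == "__main__":
    for pw in ("Welcome2021", "Password123!", "correct horse battery staple"):
        print(f"{pw!r}: {password_problems(pw, 'alice') or 'ok'}")
    print("disable:", accounts_to_disable(SAMPLE_ACCOUNTS, AS_OF))
```

Run it daily against an export from your directory and feed the result into whatever disables accounts; the idle limit is the part most organisations get wrong, since leavers are usually processed but contractor and service accounts that simply stop being used are not.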
Size doesn’t matter
Verizon’s report indicates that cyber criminals are targeting organisations of all sizes. Their main motivation is financial reward, and as the report notes: “you don’t have to be a large organization to have a good chance that one of your members has received a malicious URL or even installed a malicious Android app.”
However, while attackers have cast their net far and wide, organisations’ ability to detect breaches is not as even. The report notes that 55% of large organisations discovered breaches within days or less, while just 47% of smaller organisations did the same.
As we know, the time taken to find a breach can dramatically impact its severity. To that end, we recommend you read our incident response guide, for a full low-down on how to create a robust plan for finding and responding to potential data breaches.
If you need help or advice on how to manage your business’s cyber security, we’re here to help. We can advise on your security vulnerabilities, select the right security technology and check that your systems are configured correctly. We can also put policies in place and run staff training exercises. Contact us for a friendly chat.