The Verizon’s 2020 Data Breach Investigations Report (DBIR) presented some interesting stats as digitalization efforts continue. Specifically, a year-over-year two-fold increase in web application breaches, to 43 percent, and stolen credentials were used in over 80 percent of these cases - a worrying trend as business-critical workflows continue to move to the cloud. Ransomware also saw a slight increase, found in 27 percent of malware incidents (compared to 24 percent in 2019 DBIR); 18 percent of organizations reported blocking at least one piece of ransomware last year.
However, perhaps the biggest takeaway from this year’s results is the importance of the human factor. Although hacking is actually down, social engineering and errors -- both of which are emblematic of the human factor – now account for more than two thirds of all the situations empowering an explosion of errors, omissions and misconfigurations. “People have a problem, but it's taking effect in a very different way than we anticipated,” says Bryan Sartin, executive director of security professional services at Verizon Business.
Historically external breaches factored in to about 80% report every single year. That has taken a bit of a shift in a way that Verizon has not seen before with external actor dropping down to 70%, insiders rising to roughly 30 and partners accounting for less than 1% (a number that has been high as 26%). “This is significant because insider breaches are harder to detect with as many as nine out of ten insider breaches going undetected,” says Sartin. “If we're seeing an uptick in the time period leading up to December 31, 2019, what does that mean under COVID-19 where organizations have a more mobile workforce operating outside the confines of the edge network where security is traditionally applied? I think the waters warmer for insiders and we are likely to see that amplified.”
How does manufacturing compare?
The 2020 DBIR now includes detailed analysis of 16 industries, and shows that, while security remains a challenge across the board, there are significant differences across verticals. For example, in manufacturing, 23 percent of malware incidents involved ransomware, compared to 61 percent in the public sector and 80 percent in educational services. Errors accounted for 33 percent of public sector breaches, but only 12 percent of Manufacturing. Digging deeper into manufacturing results, external actors leveraging malware, such as password dumpers, app data capturers and downloaders to obtain proprietary data for financial gain account for 29 percent of the breaches.
What really jumps out for manufacturers is web application vulnerabilities, explains Sartin. “Manufacturers tend to use a lot of custom developed applications, custom coded, custom created unique productivity apps that link to operational technologies and so forth,” he says. “There are more instances of the exploits of those applications because of weak authentication, particularly at system level and application level accounts that power web services platforms.”
What should manufacturers take away from these numbers? "The consistent application of security basics over time is the most meaningful impact of staying out of the headlines. It's important to find you know roughly 12% of your employee population is really vulnerable to phishing and spearing type scams. you are looking at expanded mobility, containerization, smartly applied security foundations around the world,” says Sartin. “With a mobile workforce, multifactor authentication is crucial especially on administrative remote access. Two factor authentication, complex passwords and the security hygiene. The threats might have shifted slightly, but the weaknesses setting the stage for most of these remains.”
Deeper dive
● 86 percent of data breaches for financial gain - up from 71 percent in 2019
● Cloud-based data under attack – web application attacks double to 43 percent
● 67 percent of breaches caused by credential theft, errors and social attacks
● Clearly identified cyber-breach pathways enable a “Defender Advantage” in the fight against cyber-crime
● On-going patching successful - fewer than 1 in 20 breaches exploit vulnerabilities
● Report analyzes 32,002 security incidents and 3,950 confirmed breaches from 81 global contributors from 81 countries
Consistent motivation
Financial gain remains the key driver for 86 percent of breaches investigated. “Security headlines often talk about spying, or grudge attacks, as a key driver for cyber-crime - our data shows that is not the case. Financial gain continues to drive organized crime to exploit system vulnerabilities or human error,” said Alex Pinto, lead author of the Verizon 2020 DBIR. “The good news is that there is a lot that organizations can do to protect themselves, including the ability to track common patterns within cyber-attack journeys - a security game changer - that puts control back into the hands of organizations around the globe.”
Size doesn’t matter
The growing number of small and medium-sized businesses using cloud- and web-based applications and tools has made them prime targets for cyber-attackers. Specifically, phishing is the biggest threat for small organizations, accounting for over 30 percent of breaches, followed by stolen credentials (27 percent) and password dumpers (16 percent). Attackers targeted credentials, personal data and other internal business-related data such as medical records, internal secrets or payment information. Finally, over 20 percent of attacks were against web applications, and involved the use of stolen credentials.