Nearly 90 percent of security breaches are financially motivated, with outsiders accounting for 70 percent of cyber break-ins and organized crime linked to 55 percent of those, a new report from Verizon Business said.
The 2020 Verizon Business Data Breach Investigations Report, the 13th such iteration, found that credential theft, phishing and business email compromises are behind more than 67 percent of breaches. Some 81 organizations contributed data to the report, in which 3,950 confirmed breaches arose from analyses of 32,002 security incidents.
What stands out:
- Ransomware now accounts for 27% of malware incidents, and 18% of organizations blocked at least one ransomware incident.
- 70% of breaches were caused by outsiders.
- Espionage accounted for only 10% of breaches.
- Advanced threats represent only 4% of breaches.
- Credential theft, phishing, business email compromise and errors cause 67% of breaches.
- Attacks on web applications were a part of 43% of breaches. The most common methods of attacking web apps are using stolen or brute-forced credentials (more than 80%) or exploiting vulnerabilities (less than 20%) to gain access.
- Personal data was involved in 58% of breaches, spanning email addresses, names, phone numbers, physical addresses and other types of information contained in an email or stored in a misconfigured database.
- There were more than double the number of internal error related breaches (881) this year as compared to last year (424), likely due to improved reporting requirements rather than insiders making more frequent mistakes.
- Trojan-type malware, which peaked at roughly 50% of all breaches in 2016, has fallen to just 6.5%. Some 45% of malware is either droppers, backdoors or keyloggers, much of it blocked successfully.
- Less than 5% of breaches involved exploiting a vulnerability. About 2.5% of security information and event management events involved attacking a vulnerability.
The report also looked at breaches in 16 different segments and industries, including accommodations and food services; arts, entertainment and recreation; construction; education; financial services and insurance; healthcare; information; manufacturing; mining, oil and gas; other services; professional, technical and scientific services; public administration; real estate; retail; SMBs; and, transportation and warehousing.
Among those, professional services (7,463) and information (5,741) had the highest number of security incidents by far.
Industry drill down:
- Education: Phishing attacks occurred in 28% of breaches and hacking via stolen credentials in 23% of breaches. Ransomware accounts for approximately 80% of malware infections.
- Financial/insurance: External actors financially motivated to get easily monetized data (63%), internal financially motivated actors (18%) and internal actors committing errors (9%) account for 90% of breaches.
- Healthcare: Financially motivated criminal groups continue to target education via ransomware attacks. Lost and stolen assets and basic human error account for most of the breaches.
- Retail: Attacks against e-commerce applications are by far the leading cause of breaches.
- SMBs: In organizations of fewer than 1,000 employees, credentials (52%) and personal (30%) data are most often compromised in breaches. Of organizations with more than 1,000 employees, credentials (64%), other (26%), and personal data (19%) are most often compromised.