Ransomware breaches climbed by 13 percent in the last year, marking a greater jump than in the last five years combined, Verizon Business said in its newly released report on data breaches.
Of particular note to managed security service providers is the startling statistic that 62 percent of system intrusion incidents came through compromising an organization’s partner. Compromising the right partner is a force multiplier for cybercriminals, and highlights the difficulties that many organizations face in securing their supply chain, Verizon said in its 15th annual Data Breach Investigations Report.
In addition, organized crime also continues to be a pervasive force in the world of cybersecurity. Roughly 4 in 5 breaches can be attributed to organized crime - with external actors approximately 4 times more likely to cause breaches in an organization than internal actors, Verizon said.
Here are seven key findings:
- Credential compromise is roughly 50 percent of all breaches. Phishing is slightly less than 20 percent, while exploiting vulnerabilities is about 5 percent and botnets less than 1 percent.
- 73 percent of data breaches originate from external sources; 39 percent from partners and 18 percent internal.
- 80 percent of actors in breaches are external; 20 percent internal; 1 percent multiple and less than 1 percent from partners.
- The median number of reports compromised in an internal breach is 80,000.
- The motive of external agents in external breaches was 90 percent personal or financial gain, 3% disagreement or protest, 2% fun, curiosity or pride, and 1% grudge or personal offense.
- In external breaches that hit large organizations, financial gain (80%) was the overwhelming motive, followed by espionage at less than 15 percent.
- 25 percent of total breaches were the result of social engineering attacks. Add human errors and misuse of privilege, the human element accounts for 82 percent of analyzed breaches over the past year.
“Over the past few years, the pandemic has exposed a number of critical issues that businesses have been forced to navigate in real-time. But nowhere is the need to adapt more compelling than in the world of cybersecurity,” said Hans Vestberg, Verizon chief executive and chairman. “As we continue to accelerate toward an increasingly digitized world, effective technological solutions, strong security frameworks, and an increased focus on education will all play their part in ensuring that businesses remain secure, and customers protected.”