Verizon DBIR underscores year of unprecedented cyber challenge

Verizon has released its 2021 Data breach investigations report (DBIR), looking back on a year of cyber security challenges, including vast spikes in cyber attacks, as the Covid-19 pandemic wrought havoc across the tech sector.

Like many other cyber security supplier reports, the latest edition of the firm’s long-running DBIR series cannot help but underline the challenges faced by the security industry in the past year – from increased phishing and ransomware attacks on remote workers, up 11% and 6%, respectively. Meanwhile, attacks on web applications represented 39% of breaches, reflecting the pandemic-induced uptake of cloud services.

The full report analysed 29,207 incidents, including 5,258 confirmed breaches, 85% of which involved a human element and 80% of them discovered by parties external to the victim organisation. The median financial impact of a breach in 2020 was $21,659, with 95% of incidents falling between $826 and $653,587.

“The Covid-19 pandemic has had a profound impact on many of the security challenges organisations are currently facing,” said Verizon Business CEO Tami Erwin.

“As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures.”

Among the report highlights, Verizon found significant variance in the nature of cyber incidents, both regionally and across different verticals.

For example, in Asia Pacific (APAC), financially motivated attacks involving credential-stealing phishing against targeted employees were particularly prominent, while Europe, the Middle East and Africa (EMEA) was beset by web application attacks, system intrusion and social engineering, and in North America, social engineering, hacking and malware were the most commonly seen issues.

Broken out by verticals, the report found the financial and insurance sectors were the most likely to face incidents resulting in personal data loss, and were particularly at risk of credential stuffing and ransomware attacks, while in healthcare, basic human error, particularly misdelivery of electronic or paper documents, was the most common source of incidents. Public sector bodies had a tendency to fall victim to credible phishing and social engineering attacks, while the retail sector remained a target for financially motivated actors cashing in on valuable credit card and personal data.

Alex Pinto, lead author of the DBIR, said: “When you read the contents of the report, it is tempting to think that a vast array of threats demands a sweeping and revolutionary solution. However, the reality is far more straightforward. The truth is that, while organisations should prepare to deal with exceptional circumstances, the foundation of their defences should be built on strong fundamentals – addressing and mitigating the threats most pertinent to them.”

Eoin Keary, CEO and founder of Edgescan, one of the organisations contributing to the report, said: “With the DBIR report, the team at Verizon provide an invaluable service to the security community across the globe, and we are delighted to have been part of the effort for the third year running.

“While it’s hard to establish causality, the data in the report confirms the impression that attackers certainly aren’t hindered in their efforts by global crises and are ready to opportunistically exploit any gap in the fence to pursue their objectives. For this reason, it is ever more important for the cyber security industry to come together and join forces to fight the challenges facing organisations today.”

Cybereason CSO Sam Curry said nobody should be surprised by the fact that the extent of cyber crime had grown so large given the prevalence of internet worldwide, but there were some “remarkable” findings, nonetheless.

“First, that the dark side is growing faster and getting better at their craft than the light side,” he said. “In other words, asymmetry in cyber conflict is more and more favouring attackers as they hone their skills and tools. Second, that some forms of attack are in hyper-growth with two standouts – ransomware and supply chain attacks.

“These trends aren’t going to slow, so it demands that businesses really bridge the security-business divide and take the right steps to ensure future safety and growth. There are ways to prepare now, to get prevention in place, to enable a detection strategy, and to develop resilience and recovery in peacetime. Companies can reduce the likelihood and the impact of attacks to acceptable levels and must do so if they hope to compete in the remainder of the 21st century.”