The 2021 Verizon Business Data Breach Investigations report, based on a review of 29,207 incidents and 5,258 confirmed breaches worldwide, illuminates the cybersecurity impact of last year’s shift to remote working during the COVID-19 pandemic.
“The COVID-19 pandemic has had a profound impact on many of the security challenges organizations are currently facing,” Verizon Business CEO Tami Erwin said, in a press release. “As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures.”
Phishing attacks were present in 36% of breaches studied, up from 25% in last year’s report, with the role of misrepresentation rising 15 times over 2020’s edition. Ransomware proliferated, doubling its share of breaches to 10% from 5% the previous year.
Relatedly, web applications represented 39% of all data breaches, according to Verizon (it wasn’t clear what share they made up in 2019).
A human element was at play in 85% of the breaches. External parties discovered more than 80% of them.
Using simulations, Verizon estimates the median financial impact of a breach was $21,659, with all but 5% of incidents fitting in an $826-$653,587 range.
As ZDNet notes, data breaches showed subtle differences across industries in Verizon’s report. Healthcare suffers from “basic human error,” particularly the misdelivery of documents. Phishing emails based on social engineering beset public administration.
Other nuances emerge across regions. In North America, cyber attackers’ motivation is often financial, and the tools they prefer tend to be social engineering, hacking and malware. Europe, the Middle East and Africa face basic web application attacks, system intrusion and social engineering.
As Avast notes, while last year’s report found that small organizations discovered breaches more quickly, this year the gap between small and large organizations has mostly vanished.
In general, the report states that “breaches are moving toward social and web-app vectors, and those are becoming more server-based, such as gathering credentials and using them against cloud-based email systems.”