Estimated reading time: 1 minute, 48 seconds

What to Know About Verizon’s 2021 Data Breach Report Featured

Monday, May 24 2021
General
Written by  Security Tech Brief Staff

Verizon has unveiled its latest annual data breach investigations report, and it comes as no surprise that a year unlike any other was also an active time for cybercriminals.

VerizonThe 2021 Verizon Business Data Breach Investigations report, based on a review of 29,207 incidents and 5,258 confirmed breaches worldwide, illuminates the cybersecurity impact of last year’s shift to remote working during the COVID-19 pandemic.

“The COVID-19 pandemic has had a profound impact on many of the security challenges organizations are currently facing,” Verizon Business CEO Tami Erwin said, in a press release. “As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures.”

Phishing attacks were present in 36% of breaches studied, up from 25% in last year’s report, with the role of misrepresentation rising 15 times over 2020’s edition. Ransomware proliferated, doubling its share of breaches to 10% from 5% the previous year.

Relatedly, web applications represented 39% of all data breaches, according to Verizon (it wasn’t clear what share they made up in 2019).

A human element was at play in 85% of the breaches. External parties discovered more than 80% of them.

Using simulations, Verizon estimates the median financial impact of a breach was $21,659, with all but 5% of incidents fitting in an $826-$653,587 range.

As ZDNet notes, data breaches showed subtle differences across industries in Verizon’s report. Healthcare suffers from “basic human error,” particularly the misdelivery of documents. Phishing emails based on social engineering beset public administration.

Other nuances emerge across regions. In North America, cyber attackers’ motivation is often financial, and the tools they prefer tend to be social engineering, hacking and malware. Europe, the Middle East and Africa face basic web application attacks, system intrusion and social engineering.

As Avast notes, while last year’s report found that small organizations discovered breaches more quickly, this year the gap between small and large organizations has mostly vanished.

In general, the report states that “breaches are moving toward social and web-app vectors, and those are becoming more server-based, such as gathering credentials and using them against cloud-based email systems.”

Read 2660 times
Rate this item
(0 votes)
More in this category: « What Doomed Florida’s Internet Privacy Bill? How the Senate Infrastructure Bill Funds Cybersecurity   »

Visit other PMG Sites:
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.
Ok Decline