CLEVELAND, OH (May 19, 2020) – Vestige Digital Investigations is named an official Contributor to the Verizon 2020 Data Breach Investigations Report (DBIR). This release marks the 13th year that Verizon has published this report.
“As cybersecurity experts, Vestige Digital Investigations is pleased to be an official CONTRIBUTOR to the Verizon DBIR for the fifth year in a row. We provided data on the matters we encountered in 2019 to continue to arm Verizon and cyber professionals around the globe with this data-driven resource report. The DBIR is designed to help cyber professionals use the information to take actionable real-world preventive steps to protect themselves and their organization from cyber incidents and data breach,” said Greg Kelley, BS, EnCE, DFCP, and Chief Technology Officer at Vestige Digital Investigations.
The 2020 DBIR edition provided a deep dive into analyzing 157,525 security incidents; of those 32,002 met Verizon’s quality standards; and 3,950 were confirmed data breaches . The report is based on 81 CONTRIBUTORS from 81 countries. The ultimate goal of the Report is to inform defenders on the threats they face and how to protect against them. This year’s Report looks at 16 verticals and examines:
- Attacks – what are the most common
- Actors – who’s behind the breaches
- Actions – what tactics are utilized
- Victims – by industry
- Other Commonalities
The key driver continues to be financial gain. Hacking, phishing and attacks on cloud-based data put a strong focus on security for remote-working. The majority of breaches continue to caused by external actors: 70 percent with organized crime accounting for 55 percent of these. Theft of credentials and social attacks such as phishing and business email compromises cause the majority of breaches (over 67 percent). Specifically:
- 37 percent of credential theft breaches used stolen or weak credentials
- 25 percent involved phishing
- 22 percent was due to human error
The 2020 DBIR also highlighted a year-over-year two-fold increase in web application breaches, to 43 percent, and stolen credentials were used in over 80 percent of these cases – a worrying trend as business-critical workflows continue to move to the cloud. Ransomware also saw a slight increase, found in 27 percent of malware incidents (compared to 24 percent in 2019 DBIR); 18 percent of organizations reported blocking at least one piece of ransomware last year.
HIGHLIGHTS YOU NEED TO KNOW:
- 86 percent of data breaches for financial gain – up from 71 percent in 2019
- Cloud-based data under attack – web application attacks double to 43 percent
- 67 percent of breaches caused by credential theft, errors and social attacks
- Clearly identified cyber-breach pathways enable a “Defender Advantage” in the fight against cyber-crime
- On-going patching successful – fewer than 1 in 20 breaches exploit vulnerabilities
“As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount,” said Tami Erwin, CEO, Verizon Business. “In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious.”
COMMON PATTERNS FOR DEFENDER ADVANTAGE
The 2020 DBIR has re-emphasized the common patterns found within cyber-attack journeys, enabling organizations to determine the bad actors’ destination while they are in progress. Linked to the order of threat actions (e.g. Error, Malware, Physical, Hacking), these breach pathways can help predict the eventual breach target, enabling attacks to be stopped in their tracks. Organizations are therefore able to gain a “Defender’s Advantage” and better understand where to focus their security defenses.
SMALLER BUSINESSES ARE NOT IMMUNE
The growing number of small and medium-sized businesses using cloud- and web-based applications and tools has made them prime targets for cyber-attackers. 2020 DBIR findings show that:
- Phishing is the biggest threat for small organizations, accounting for over 30 percent of breaches. This is followed by the use of stolen credentials (27 percent) and password dumpers (16 percent).
- Attackers targeted credentials, personal data and other internal business-related data such as medical records, internal secrets or payment information.
- Over 20 percent of attacks were against web applications, and involved the use of stolen credentials.
INDUSTRIES IN THE CYBER-SPOTLIGHT
The 2020 DBIR now includes detailed analysis of 16 industries, and shows that, while security remains a challenge across the board, there are significant differences across verticals. For example, in Manufacturing, 23 percent of malware incidents involved ransomware, compared to 61 percent in the Public Sector and 80 percent in educational services. Errors accounted for 33 percent of Public Sector breaches – but only 12 percent of Manufacturing. Further highlights include:
Manufacturing: External actors leveraging malware, such as password dumpers, app data capturers and downloaders to obtain proprietary data for financial gain, account for 29 percent of Manufacturing breaches.
Retail: 99 percent of incidents were financially-motivated, with payment data and personal credentials continuing to be prized. Web applications, rather than Point of Sale (POS) devices, are now the main cause of Retail breaches.
Financial and Insurance: 30 percent of breaches here were caused by web application attacks, primarily driven by external actors using stolen credentials to get access to sensitive data stored in the cloud. The move to online services is a key factor.
Educational Services: Ransomware attacks doubled this year, accounting for approximately 80 percent of malware attacks vs. last year’s 45 percent, and social engineering accounted for 27 percent of incidents.
Healthcare: Basic human error accounted for 31 percent of Healthcare breaches, with external breaches at 51 percent (up from 42 percent in the 2019 DBIR), slightly more common than insiders at 48 percent (59 percent last year). This vertical remains the industry with the highest number of internal bad actors, due to greater access to credentials.
Public Sector: Ransomware accounted for 61 percent of malware-based incidents. 33 percent of breaches are accidents caused by insiders. However, organizations have got much better at identifying breaches: only 6 percent lay undiscovered for a year compared with 47 percent previously, linked to legislative reporting requirements.
The 81 contributors involved with the 2020 DBIR have provided the report with specific insights into regional cyber-trends highlighting key similarities and differences between them. For example, financially-motivated breaches in general accounted for 91 percent of cases in Northern America, compared to 70 percent in Europe, Middle East and Africa and 63 percent in Asia Pacific. Other key findings include:
Northern America: The technique most commonly leveraged was stolen credentials, accounting for over 79 percent of hacking breaches; 33 percent of breaches were associated with either phishing or pretexting.
Europe, Middle East and Africa (EMEA): Denial of Service (DoS) attacks accounted for over 80 percent of malware incidents; 40 percent of breaches targeted web applications, using a combination of hacking techniques that leverage either stolen credentials or known vulnerabilities. Finally, 14 percent of breaches were associated with cyber-espionage.
Asia Pacific (APAC): 63 percent of breaches were financially-motivated, and phishing attacks are also high, at over 28 percent.
Alex Pinto, Lead Author of the Verizon Business Data Breach Investigations Report, comments: “Security headlines often talk about spying, or grudge attacks, as a key driver for cyber-crime – our data shows that is not the case. Financial gain continues to drive organized crime to exploit system vulnerabilities or human error. The good news is that there is a lot that organizations can do to protect themselves, including the ability to track common patterns within cyber-attack journeys – a security game changer – that puts control back into the hands of organizations around the globe.”
The DBIR is produced by the Verizon RISK (Research, Investigations, Solutions, Knowledge) team within Verizon’s Enterprise Services business unit. The report’s data set combines data from public and private organizations around the world, including law enforcement agencies, national incident-reporting entities, research institutions, private security firms and Verizon. Before being analyzed, the case studies, reports and interviews are standardized using the Vocabulary for Event Recording and Incident Sharing (VERIS) Framework. Each year, Verizon seeks to increase the size of its data set by incorporating data from more contributors.
Click here for the big picture – Complete 2020 DBIR Executive Summary
Vestige Digital Investigations, is a leading U.S. Electronic Evidence Experts company specializing in Cybersecurity and Digital Forensic solutions – both proactive and reactive. Vestige provides Expert proactive and reactive Cybersecurity Services to organizations of all sizes. They also provide timely and trusted investigations of any digital devices to resolve disputes and litigate claims including Non-Compete/Intellectual Property (IP) Theft, Data Breaches, White Collar Crime, ESI Consulting and more through Digital Forensic Services. We serve small, mid-size and large Fortune 500 corporations both nationally and internationally helping professionals in the administrative, finance, fraud examination, HR, IT, insurance, law enforcement, legal and risk management fields make educated and informed decisions about access and preservation of digital information and its security. As experts, we offer a comprehensive knowledge of both the technical and legal aspects of digital forensics and cybersecurity. We are respected for confidential, objective, and knowledgeable investigations and reporting. Vestige Digital Investigations is headquartered in Cleveland, OH, with offices in Columbus, OH, Pittsburgh, PA and New York, NY. www.VestigeLtd.com
verizon.com/dbir #DBIR #cybersecurity