2nd Edition

Tracking the trends and news for IT and IT Security

Paul

Financial Gain Drives 90% of Security Breaches: Verizon Research

us-dollars-money-currency.jpgFinancial Gain Drives 90% of Security Breaches: Verizon Research>
MSSP Alert – DH Kass
The 2020 Verizon Business Data Breach Investigations Report, the 13th such iteration, found that credential theft, phishing and business email compromises are behind more than 67 percent of breaches. ⢠Ransomware now accounts for 27% of malware incidents, and 18% of organizations blocked at least one ransomware incident. ⢠70% of breaches were caused by outsiders. ⢠Espionage accounted for only 10% of breaches. ⢠Advanced threats represent only 4% of breaches. ⢠Credential theft, phishing, business email compromise and errors cause 67% of breaches. ⢠Attacks on web applications were a part of 43% of breaches. The most common methods of attacking web apps are using stolen or brute-forced credentials (more than 80%) or exploiting vulnerabilities (less than 20%) to gain access. More: ⢠Personal data was involved in 58% of breaches, spanning email addresses, names, phone numbers, physical addresses and other types of information contained in an email or stored in a misconfigured database. ⢠There were more than double the number of internal error related breaches (881) this year as compared to last year (424), likely due to improved reporting requirements rather than insiders making more frequent mistakes. ⢠Trojan-type malware, which peaked at roughly 50% of all breaches in 2016, has fallen to just 6.5%. Some 45% of malware is either droppers, backdoors or keyloggers, much of it blocked successfully. ⢠Less than 5% of breaches involved exploiting a vulnerability. About 2.5% of security information and event management events involved attacking a vulnerability.

Industry drill down: ⢠Education: Phishing attacks occurred in 28% of breaches and hacking via stolen credentials in 23% of breaches. Ransomware accounts for approximately 80% of malware infections. ⢠Financial/insurance: External actors financially motivated to get easily monetized data (63%), internal financially motivated actors (18%) and internal actors committing errors (9%) account for 90% of breaches. ⢠Healthcare: Financially motivated criminal groups continue to target education via ransomware attacks. Lost and stolen assets and basic human error account for most of the breaches. ⢠Retail: Attacks against e-commerce applications are by far the leading cause of breaches. ⢠SMBs: In organizations of fewer than 1,000 employees, credentials (52%) and personal (30%) data are most often compromised in breaches. Of organizations with more than 1,000 employees, credentials (64%), other (26%), and personal data (19%) are most often compromised.
Link: https://www.msspalert.com/cybersecurity-research/financial-gain-drives-90-of-security-breaches/

Categories:

Tags: