With The Explosion in Remote Working, Verizon’s Annual DBIR Is More Interesting Than Ever
Originally published on Cloud Computing Magazine
We look forward to Verizon’s increasingly epic Data Breach Investigations Report (DBIR) each year, because each year the reports go deeper and spot new trends every professional responsible for guarding their organization’s assets must read.
The 2020 report, released last month in the midst of the COVID-19 pandemic, includes the following stunning highlights:
- 86 percent of data breaches for financial gain – up from 71 percent in 2019
- Cloud-based data under attack – web application attacks double to 43 percent
- 67 percent of breaches caused by credential theft, errors, and social attacks
- Clearly identified cyber-breach pathways enable a “Defender Advantage” in the fight against cyber-crime
- On-going patching successful – fewer than 1 in 20 breaches exploit vulnerabilities
This year’s report analyzes a record 32,002 security incidents and 3,950 confirmed breaches from 81 global contributors from 81 countries.
According to the report, “financial gain remains the key driver for cybercrime, with nearly nine in 10 (86 percent) breaches investigated financially-driven.”
And while most breaches analyzed continue to be caused by external actors (70 percent, with organized crime accounting for 55 percent of these) take note of these highlights:
- 37 percent of credential theft breaches used stolen or weak credentials
- 25 percent involved phishing
- Human error accounted for 22 percent
The 2020 DBIR also highlighted a year-over-year two-fold increase in web application breaches, to 43 percent, and stolen credentials were used in over 80 percent of these cases, which the announcement about the report called “a worrying trend as business-critical workflows continue to move to the cloud.”
“As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount,” said Tami Erwin, CEO, Verizon Business. “In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious.”
We asked Michael Fritzlo, Executive Chairman of Ironsphere, a secure identity access management company which specializes in Privileged Access Management, what they witnessed in the past year and especially the past few months.
“Our experience is aligned with what Verizon has identified and validated through their always comprehensive annual report on the state of data breaches,” Fritzlo said. “We work with very large enterprises – global banks, network service providers, cloud providers, and across several industries through systems integration and software solutions partners – and if they haven’t already started to lock down more, especially as web applications and browsers are starting to show the strain, they are putting measures into place now. The Work From Home mandate has accelerated zero trust postures given the attacks that have already taken place, shining a very bright light on the vulnerabilities.”
The DBIR revealed that in the financial and insurance industry, a new high 30 percent of breaches were caused by web application attacks, primarily driven by external actors using stolen credentials to get access to sensitive data stored in the cloud.
“We work with some of the smartest CIOs in global financial services,” Fritzlo said, “and they clearly recognize the risks associated with moving more and more of their offerings online. They’ve become experts at having both the policies and governance in place, along with the right security software, and beyond the Zero Trust goal, they are moving rapidly toward Zero Touch, meaning increasingly sophisticated automation of the management of credentials for privileged accounts.”
Fritzlo, whose team studies the DBIR annually and builds initiatives around the most recent data coming from the report said, “There were many stunning facts this year, including their regional breakdowns and insight that financially-motivated breaches in general accounted for 91 percent of cases in North America, compared to 70 percent in Europe and even less in other regions. Most important to us, given our very focused mission, is that the technique most commonly leveraged was stolen credentials, accounting for over 79 percent of hacking breaches. This is exactly the problem we are solving, working with our clients to lock down privileged accounts and automate as much as appropriate to fend off these attacks, but to also reduce or eliminate human error, especially when it comes to multi-cloud complex environments.”
Alex Pinto, Lead Author of the Verizon Business Data Breach Investigations Report, comments: “Security headlines often talk about spying, or grudge attacks, as a key driver for cyber-crime – our data shows that is not the case. Financial gain continues to drive organized crime to exploit system vulnerabilities or human error. The good news is that there is a lot that organizations can do to protect themselves, including the ability to track common patterns within cyber-attack journeys – a security game changer – that puts control back into the hands of organizations around the globe.”
The 2020 DBIR – its 13th edition – analyzed 32,002 security incidents, of which 3,950 were confirmed breaches; almost double the 2,013 breaches analyzed last year. These cases came from 81 global contributors from 81 countries, and the analysis also now covers 16 business sectors.
The complete 2020 Data Breach Investigations Report as well as Executive Summary is available on the Verizon resource page here.
With new software-based approaches and cybersecurity automation, organizations can protect themselves from one of the primary causes of breaches – adversaries taking control of privileged accounts by being able to “crack the code” on privileged users’ passwords.
When the COVID-10 pandemic began, no industry in the world was put under more stress than the medical industry. With cases climbing, and more people constantly wanting information on what to do, the medical industry turned to technology to meet the demand.
It is one thing when enterprises use automation, including AI, to improve the efficiency of their ERP, HR, accounting, and other systems, and of course, any enterprise system which collects, stores, and uses data should be fully protected, including a solid Privileged Access Management (PAM) solution as a core part of their IT architecture.