With The Explosion in Remote Working, Verizon’s Annual DBIR Is More Interesting Than Ever
Originally published on Cloud Computing Magazine
We look forward to Verizon’s increasingly epic Data Breach Investigations Report (DBIR) each year, because each year the reports go deeper and spot new trends every professional responsible for guarding their organization’s assets must read.
The 2020 report, released last month in the midst of the COVID-19 pandemic, includes the following stunning highlights:
- 86 percent of data breaches for financial gain – up from 71 percent in 2019
- Cloud-based data under attack – web application attacks double to 43 percent
- 67 percent of breaches caused by credential theft, errors, and social attacks
- Clearly identified cyber-breach pathways enable a “Defender Advantage” in the fight against cyber-crime
- On-going patching successful – fewer than 1 in 20 breaches exploit vulnerabilities
This year’s report analyzes a record 32,002 security incidents and 3,950 confirmed breaches from 81 global contributors from 81 countries.
According to the report, “financial gain remains the key driver for cybercrime, with nearly nine in 10 (86 percent) breaches investigated financially-driven.”
And while most breaches analyzed continue to be caused by external actors (70 percent, with organized crime accounting for 55 percent of these) take note of these highlights:
- 37 percent of credential theft breaches used stolen or weak credentials
- 25 percent involved phishing
- Human error accounted for 22 percent
The 2020 DBIR also highlighted a year-over-year two-fold increase in web application breaches, to 43 percent, and stolen credentials were used in over 80 percent of these cases, which the announcement about the report called “a worrying trend as business-critical workflows continue to move to the cloud.”
“As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount,” said Tami Erwin, CEO, Verizon Business. “In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious.”
We asked Michael Fritzlo, Executive Chairman of Ironsphere, a secure identity access management company which specializes in Privileged Access Management, what they witnessed in the past year and especially the past few months.
“Our experience is aligned with what Verizon has identified and validated through their always comprehensive annual report on the state of data breaches,” Fritzlo said. “We work with very large enterprises – global banks, network service providers, cloud providers, and across several industries through systems integration and software solutions partners – and if they haven’t already started to lock down more, especially as web applications and browsers are starting to show the strain, they are putting measures into place now. The Work From Home mandate has accelerated zero trust postures given the attacks that have already taken place, shining a very bright light on the vulnerabilities.”
The DBIR revealed that in the financial and insurance industry, a new high 30 percent of breaches were caused by web application attacks, primarily driven by external actors using stolen credentials to get access to sensitive data stored in the cloud.
“We work with some of the smartest CIOs in global financial services,” Fritzlo said, “and they clearly recognize the risks associated with moving more and more of their offerings online. They’ve become experts at having both the policies and governance in place, along with the right security software, and beyond the Zero Trust goal, they are moving rapidly toward Zero Touch, meaning increasingly sophisticated automation of the management of credentials for privileged accounts.”
Fritzlo, whose team studies the DBIR annually and builds initiatives around the most recent data coming from the report said, “There were many stunning facts this year, including their regional breakdowns and insight that financially-motivated breaches in general accounted for 91 percent of cases in North America, compared to 70 percent in Europe and even less in other regions. Most important to us, given our very focused mission, is that the technique most commonly leveraged was stolen credentials, accounting for over 79 percent of hacking breaches. This is exactly the problem we are solving, working with our clients to lock down privileged accounts and automate as much as appropriate to fend off these attacks, but to also reduce or eliminate human error, especially when it comes to multi-cloud complex environments.”
Alex Pinto, Lead Author of the Verizon Business Data Breach Investigations Report, comments: “Security headlines often talk about spying, or grudge attacks, as a key driver for cyber-crime – our data shows that is not the case. Financial gain continues to drive organized crime to exploit system vulnerabilities or human error. The good news is that there is a lot that organizations can do to protect themselves, including the ability to track common patterns within cyber-attack journeys – a security game changer – that puts control back into the hands of organizations around the globe.”
The 2020 DBIR – its 13th edition – analyzed 32,002 security incidents, of which 3,950 were confirmed breaches; almost double the 2,013 breaches analyzed last year. These cases came from 81 global contributors from 81 countries, and the analysis also now covers 16 business sectors.
The complete 2020 Data Breach Investigations Report as well as Executive Summary is available on the Verizon resource page here.
Security automation is now a top concern for enterprises as the attack surface expands given more remote workers, more devices, and new attack vectors in the cloud.
Automation is rising because IT leaders are realizing it paves the way to reducing risks, gaining greater visibility into their networks, and getting the most from their security investments.
Automation technologies, from Robotic Process Automation (RPA), to Artificial Intelligence (AI) and Machine Learning (ML), are transforming business processes and operating models. These are relatively new categories, and most enterprises do not yet have the skills to implement automation technologies successfully, including Privileged Task Automation (PTA) associated with a robust Privileged Access Management (PAM) posture.read more
Apps are increasingly moving to the cloud, especially as more and more people are working remotely and expect to access them from anywhere, any time, on multiple devices. Despite that, the way enterprises secure access to applications has largely remained unchanged, as they are still focused and dependent on the corporate network perimeter.read more