Verizon’s Annual Data Breach Investigations Report Confirms Record Number of Attacks During the Global Pandemic
By: Orhan Yildirim
The Ironsphere team looks forward to the annual publishing of Verizon’s DBIR report, and this year is no exception. In fact, our team found many of the revelations stunning, but not surprising, as we all witnessed twelve months of chaos which contributed to more breaches than ever before.
The 2021 DBIR analyzed 29,207 security incidents, of which 5,258 were confirmed breaches, a significant increase on the 3,950 breaches analyzed in last year’s report. Data was collected from 83 contributors, with victims spanning 88 countries, 12 industries, and 3 world regions.
Ironsphere had a record year responding to many of the trends the DBIR report validated, including the vulnerabilities created when hundreds of millions of people were forced to work remotely. Phishing and ransomware attacks increased by 11 percent and 6 percent respectively, with instances of what the authors of the report call misrepresentation increasing by 15 times compared to last year.
More to the point, breach data showed that 61 percent of breaches involved credential data (95 percent of organizations suffering credential stuffing attacks had between 637 and 3.3 billion malicious login attempts throughout the year).
The massive shift to cloud and XaaS applications also drove challenges, with attacks on web applications representing 39% of all breaches.
A month before releasing the DBIR, Verizon published the Mobile Security Index (MSI), which also revealed the continuing challenges associated with mobile working, and while this report is much smaller than its cousin, it is important to understand the specific vulnerabilities in the enterprise mobile world (Results were based on an independent survey of 856 professionals responsible for the buying, managing, and the security of mobile and IoT devices for their companies).
Among the findings in the MSI, nearly half (49 percent) of businesses surveyed said that changes to remote working practices made during lockdown adversely affected their cybersecurity.
- 40 percent think mobile devices are their company’s biggest IT security threat.
- However, 45 percent of businesses sacrificed the security of mobile devices to “get the job done.”
Working with our customers and partners, the Ironsphere platform and solution development team spent their time investing in adding important features, which we detailed in our 2021 Annual Report earlier this year. Our efforts were focused in real time on the new challenges enterprises are facing, including more persistent and frequent attacks, and more sophisticated and well-funded attacks by adversaries who recognized the “unlocked doors” created with the shift to remote working, when even the most robust VPNs didn’t deter cyber criminals.
We are “next level” today and are profoundly grateful for the reporting Verizon and other companies provide based on research that validates some – but not all – breaches. Understanding these trends, while staying close to the large banks, service providers, healthcare, and pharmaceutical companies we serve allows us to redouble our efforts and continue to lead the way in cloud, premise, and hybrid PAM solutions.
Securing critical infrastructure and protecting systems and data has never been more important.
As Cyber Attacks Grow, Data Center Operators Can Bring Value-Added Services to Enterprises Leveraging Cloud-Based Access Management Services
No threat facing businesses today has grown as fast, or in a manner as difficult to understand, as the danger from cyberattacks. Cyber threats are increasing in both volume and sophistication, and as the world continues to become more digital with every passing day, cyber threats will only keep growing in both aspects. As a result, organizations today are turning to robust cybersecurity solutions, such as Privileged Access Management (PAM), to keep both their data and their customer’s data safe.
Privileged Access Management as a Service: An Exciting new Value-Added Service for Data Center Service Providers
Given the increasing complexity of compliance, and the growing risk of data breaches, even as public cloud, hybrid cloud, and multi-cloud solutions are being implemented, businesses of all sizes need support in protecting what they connect, and many count on their data center providers for guidance and solutions.
How Secure Are VPNs? Given Increasing Successful Attacks, It’s Time to Take a Hard Look at PAM for Zero Trust Solutions
Since the early 1990s, VPNs (Virtual Private Networks) have been central to providing remote users with access to the corporate network.
Thirty years later, in 2020, when legislation and population health initiatives mandated work-from-home, bad actors recognized and acted upon their massive opportunity to attack VPNs and initiate data theft and ransomware attacks as applications, in the heat of the moment, moved outside the traditional perimeter.