Verizon’s Annual Data Breach Investigations Report Confirms Record Number of Attacks During the Global Pandemic


MAY 2021

By: Orhan Yildirim

The Ironsphere team looks forward to the annual publishing of Verizon’s DBIR report, and this year is no exception. In fact, our team found many of the revelations stunning, but not surprising, as we all witnessed twelve months of chaos which contributed to more breaches than ever before.

The 2021 DBIR analyzed 29,207 security incidents, of which 5,258 were confirmed breaches, a significant increase on the 3,950 breaches analyzed in last year’s report. Data was collected from 83 contributors, with victims spanning 88 countries, 12 industries, and 3 world regions.

Ironsphere had a record year responding to many of the trends the DBIR report validated, including the vulnerabilities created when hundreds of millions of people were forced to work remotely. Phishing and ransomware attacks increased by 11 percent and 6 percent respectively, with instances of what the authors of the report call misrepresentation increasing by 15 times compared to last year.

More to the point, breach data showed that 61 percent of breaches involved credential data (95 percent of organizations suffering credential stuffing attacks had between 637 and 3.3 billion malicious login attempts throughout the year).

The massive shift to cloud and XaaS applications also drove challenges, with attacks on web applications representing 39% of all breaches.

A month before releasing the DBIR, Verizon published the Mobile Security Index (MSI), which also revealed the continuing challenges associated with mobile working, and while this report is much smaller than its cousin, it is important to understand the specific vulnerabilities in the enterprise mobile world (Results were based on an independent survey of 856 professionals responsible for the buying, managing, and the security of mobile and IoT devices for their companies).

Among the findings in the MSI, nearly half (49 percent) of businesses surveyed said that changes to remote working practices made during lockdown adversely affected their cybersecurity.

  • 40 percent think mobile devices are their company’s biggest IT security threat.
  • However, 45 percent of businesses sacrificed the security of mobile devices to “get the job done.”

Working with our customers and partners, the Ironsphere platform and solution development team spent their time investing in adding important features, which we detailed in our 2021 Annual Report earlier this year. Our efforts were focused in real time on the new challenges enterprises are facing, including more persistent and frequent attacks, and more sophisticated and well-funded attacks by adversaries who recognized the “unlocked doors” created with the shift to remote working, when even the most robust VPNs didn’t deter cyber criminals.

We are “next level” today and are profoundly grateful for the reporting Verizon and other companies provide based on research that validates some – but not all – breaches. Understanding these trends, while staying close to the large banks, service providers, healthcare, and pharmaceutical companies we serve allows us to redouble our efforts and continue to lead the way in cloud, premise, and hybrid PAM solutions.

Securing critical infrastructure and protecting systems and data has never been more important.

Similar Blogs

Enterprise Risk Appetite Frameworks Should Include PAM

Enterprise Risk Appetite Frameworks Should Include PAM

Just as cyber risks evolve, the evolution of risk appetite frameworks is more active than ever. With more sophisticated adversaries, more digital transformation initiatives, more mobile works, ecosystem partnerships and connectivity to multiple clouds and services, enlightened management teams and their boards are updating their levels of “risk tolerance.”

read more