The Verizon Business 2020 Data Breach Investigations Report (2020 DBIR) shows that organized crime is behind a high number of successful cyber attacks. The report shows that financial gain remains the key driver for cyber crime with nearly nine in 10 (86 percent) breaches investigated being financially-driven. The vast majority of breaches continue to be caused by external actors - 70 percent - with organized crime accounting for 55 percent of these. Credential theft and social attacks such as phishing and business email compromises cause the majority of breaches (over 67 percent), and specifically:
- 37 percent of credential theft breaches used stolen or weak credentials,
- 25 percent involved phishing
- Human error accounted for 22 percent as well.
The 2020 DBIR also highlighted a year-over-year two-fold increase in web application breaches, to 43 percent, and stolen credentials were used in over 80 percent of these cases - a worrying trend as business-critical workflows continue to move to the cloud. Ransomware also saw a slight increase, found in 27 percent of malware incidents (compared to 24 percent in 2019 DBIR); 18 percent of organizations reported blocking at least one piece of ransomware last year.
The 2020 DBIR now includes detailed analysis of 16 industries, and shows that, while security remains a challenge across the board, there are significant differences across verticals. For example, in manufacturing, 23 percent of malware incidents involved ransomware, compared to 61 percent in the public sector and 80 percent in educational services. Errors accounted for 33 percent of public sector breaches - but only 12 percent of manufacturing. Further highlights include:
- Manufacturing: External actors leveraging malware, such as password dumpers, app data capturers and downloaders to obtain proprietary data for financial gain, account for 29 percent of Manufacturing breaches.
- Retail: 99 percent of incidents were financially-motivated, with payment data and personal credentials continuing to be prized. Web applications, rather than Point of Sale (POS) devices, are now the main cause of Retail breaches.
- Financial and insurance: 30 percent of breaches here were caused by web application attacks, primarily driven by external actors using stolen credentials to get access to sensitive data stored in the cloud. The move to online services is a key factor.
- Educational Services: Ransomware attacks doubled this year, accounting for approximately 80 percent of malware attacks vs. last year’s 45 percent, and social engineering accounted for 27 percent of incidents.
- Healthcare: Basic human error accounted for 31 percent of Healthcare breaches, with external breaches at 51 percent (up from 42 percent in the 2019 DBIR), slightly more common than insiders at 48 percent (59 percent last year). This vertical remains the industry with the highest number of internal bad actors, due to greater access to credentials.
- Public sector: Ransomware accounted for 61 percent of malware-based incidents. 33 percent of breaches are accidents caused by insiders. However, organizations have got much better at identifying breaches: only 6 percent lay undiscovered for a year compared with 47 percent previously, linked to legislative reporting requirements.
The complete 2020 Data Breach Investigations Report as well as Executive Summary is available on the DBIR resource page.