Verizon 2021 Data Breach Investigations Report: The Day After Tomorrow
by Anastasios Arampatzis
Why do we need all these annual reports published every year around this time? This is a question that popped into my mind as I was preparing to write this article. What is their objective, their benefit? Well, the truth is that these reports are a great resource for reflection: they show what we have done well and where we have failed. But above all, they can educate us. We can learn from our mistakes and from the successes of other organizations, whether in the same vertical or in others. Solon used to say: “I grow old learning something new every day.” That’s the true value of these reports.
Humans are the top target
This is also the value of the recent Verizon 2021 Data Breach Investigations Report, known as the DBIR. The report comes at a timely moment: as we slowly emerge from the lockdowns of the coronavirus pandemic, we realize that the world around us has changed. We are all more dependent on digital technology and on the Internet. Our lives and business operations have become more digital. Remote working employees and students attending virtual classrooms dominated the discussions throughout 2020.
But so did the cyber-criminals. Criminals took advantage of our increased exposure to the risks and threats of living and working online to launch their malevolent actions. In fact, as DBIR 2021 demonstrates, the attackers were keen on targeting the vulnerable human factor. 85% of the breaches involved a human element. This shouldn’t come as a surprise. The findings of the Verizon 2021 Mobile Security Index report are compelling:
- 97% of participants consider remote workers to be more at risk than office workers.
- 48% of the respondents sacrificed security to support remote working requirements and cope with the pandemic crisis.
Key report findings
So, what are the findings that contribute to the fact that the main target of data breaches during 2020 was the human?
- Phishing was present in 36% of breaches in the DBIR dataset, up from 25% last year. Business Email Compromises (BECs) were the second-most common form of Social Engineering.
- 70% of all misuse varieties in breaches were privilege misuse.
- 61% of breaches involved credential data.
- Ransomware was the preferred attack vector in 10% of examined data breaches – more than double since 2019.
- User credentials, personal and medical data are the most sought-after data in breaches.
Other interesting findings worth highlighting are the following:
- Errors decreased as a percentage of breaches (from 22% to 17%).
- Attacks on web applications were the main attack vector in Hacking actions, with over 80% of breaches. In addition, desktop sharing (RDP) has moved into second place in Hacking vectors.
- Compromised cloud assets were more common than on-premises assets in both incidents and breaches.
- Breaches happened mostly due to external, financially motivated actors.
- Top patterns in incidents were Denial of Service and Basic Web Application attacks.
Denial of Service
The Denial-of-Service pattern consists of attacks intended to compromise the availability of networks and systems. This pattern includes both network and application layer attacks and is the most common pattern across incidents. However, Denial of Service (DoS) is one of those threats that can be addressed.
DDoS packets are getting blocked at various places, from Internet Service Providers (ISPs) to Autonomous System Numbers (ASNs) and Content Delivery Networks (CDNs) that business sites sit behind. DoS attacks can be:
- Direct, when the packets come directly from the actor or their deployed botnets.
- Reflected, when the actor sends packets to a vulnerable service that then reflects the packets to the victim.
DDoS attacks can also aim at resource exhaustion, causing abnormal load on memory or processing, or be volumetric, flooding the network with large numbers of packets.
According to the latest data from Cloudflare, a leading platform for CDN, DDoS protection, WAF, Zero Trust and more, the most targeted industries in Q1 2021 were Telcos and Consumer Services. Most attack traffic came from China and the United States, and ransom DDoS attacks were on the rise.
Organizations need to secure and ensure the reliability of their external-facing resources such as websites, APIs, and applications. Additionally, protection of internal resources such as behind-the-firewall applications, teams, and devices is a must. Moreover, a platform for developing globally scalable applications is more necessary than ever.
ADACOM can help all organizations, from the smallest to the biggest, by offering and managing all of Cloudflare’s services, such as DDoS protection, WAF, CDN, Bot Management and serverless compute, from a single dashboard and a single API endpoint, providing deep service integration, easy troubleshooting and lower latency.
Reach out for more information!