Each year Verizon publishes the Data Breach Investigations Report (DBIR). It reveals top trends in cyber-criminal activity, how attacks are happening, who they’re targeting, and how.
Findings from this year’s report include how the pandemic has influenced cyber-crimes and how the focus has shifted to more cloud-based infrastructures.
39% of data breaches were traced back to web application being compromised. Both phishing and ransomware increased significantly in 2020. However, human negligence continues to be the #1 cause of security breaches.
CEO of Verizon Business, Tami Erwin, explained that the pandemic has profoundly impacted many security challenges organizations are currently facing. Many businesses are switching business-critical functions to the cloud. The threat to their operations increases because malicious actors look for human vulnerabilities that accompany this switch.
Key findings from the data breach report
The report pulls findings from 29,207 incidents investigated in 2020, confirming over 5,200 breaches.
Here are a few key findings:
- Denial of service (DDos) was the most common type of attack.
- Social engineering and basic web application attacks were the majority of breaches. Among those, 85% involved a human element.
- Over 10% of data breaches involved ransomware—doubling the incidents seen in 2019.
- Data breaches are getting more expensive with the median breach costing $21, 659. Most organizations can expect costs as high as $650,000.
- Most web application attacks were directed at cloud-based servers using stolen credentials from other breaches or “brute force” password guessing from bots.
The kind of data attackers are looking for can vary by industry. 83% of the data compromised from financial and insurance industries was personal information whereas information from professional, technical or other business industries was confidential business information or research information.
Because of the pandemic and the influx of people working from home, phishing and ransomware increased. However, the report also noted a decrease in end-user compromised devices. This is because attackers seem to be focusing more on obtaining credentials for external cloud assets and email systems rather than hacking into the computers of those working remotely.
If there’s anything to learn from this year’s report, it is that investing in cloud-based external asset protection as well as on site data security should be top priority of small, large and corporate businesses around the world.
Investing in a Cloud App Security Broker solution can help, as well as products that can security destroy any hard drives, SSDs, circuit boards, cell phones and other digital devices.
Learn more about why you should professionally destroy your data.
