In breif:
- C-level executives increasingly and proactively targeted by social breaches – correlating to a rise of social-engineering attacks with financial motivation.
- Compromise of web-based email accounts using stolen credentials (98 percent) rising -seen in 60 percent of attacks involving hacking a web application.
- One-quarter of all breaches still associated with espionage.
- Ransomware attacks still strong, accounting for 24 percent of the malware incidents analyzed and ranking #2 in most-used malware varieties.
- 12th edition of the DBIR includes data from 73 contributors, the highest number since launch.
- Analyzes 41,686 security incidents, and 2,013 confirmed breaches from 86 countries.
C-level executives who have access to a company’s most sensitive information, are now the major focus for social engineering attacks. According to a 2019 Data Breach Investigations Report by Verizon, senior executives are 12x more likely to be the target of social incidents, and 9x more likely to be the target of social breaches than in previous years – and financial motivation remains the key driver. Financially-motivated social engineering attacks (12 percent of all data breaches analyzed) are a key topic in this year’s report, highlighting the critical need to ensure ALL levels of employees are made aware of the potential impact of cybercrime.
“Technical IT hygiene and network security are table stakes when it comes to reducing risk. It all begins with understanding your risk posture and the threat landscape, so you can develop and action a solid plan to protect your business against the reality of cybercrime. Knowledge is power, and Verizon’s DBIR offers organizations large and small a comprehensive overview of the cyber threat landscape today so they can quickly develop effective defense strategies.”
A successful pretexting attack on senior executives can reap large dividends as a result of their - often unchallenged - approval authority, and privileged access into critical systems. Typically time-starved and under pressure to deliver, senior executives quickly review and click on emails prior to moving on to the next (or have assistants managing email on their behalf), making suspicious emails more likely to get through. The increasing success of social attacks such as business email compromises (BECS -which represent 370 incidents or 248 confirmed breaches of those analyzed), can be linked to the unhealthy combination of a stressful business environment combined with a lack of focused education on the risks of cybercrime.
This year’s findings also highlight how the growing trend to share and store information within cost-effective cloud-based solutions is exposing companies to additional security risks. The analysis found that there was a substantial shift towards the compromise of cloud-based email accounts via the use of stolen credentials. In addition, publishing errors in the cloud are increasing year-over-year. Misconfiguration (“Miscellaneous Errors”) led to a number of massive, cloud-based file storage breaches, exposing at least 60 million records analyzed in the DBIR dataset. This accounts for 21 percent of breaches caused by errors.
Major findings in summary
- New analysis from FBI Internet Crime Complaint Center (IC3): Provides insightful analysis of the impact of Business Email Compromises (BECs) and Computer Data Breaches (CDBs). The findings highlight how BECs can be remedied. When the IC3 Recovery Asset Team acts upon BECs, and works with the destination bank, half of all US-based business email compromises had 99 percent of the money recovered or frozen; and only 9 percent had nothing recovered.
- Attacks on Human Resource personnel have decreased from last year: Findings saw 6x fewer Human Resource personnel being impacted this year compared to last, correlating with W-2 tax form scams almost disappearing from the DBIR dataset.
- Chip and Pin payment technology has started delivering security dividends: The number of physical terminal compromises in payment card related breaches is decreasing compared to web application compromises.
- Ransomware attacks are still going strong: They account for nearly 24 percent of incidents where malware was used. Ransomware has become so commonplace that it is less frequently mentioned in the specialized media unless there is a high profile target.
- Media-hyped crypto-mining attacks were hardly existent: These types of attacks were not listed in the top 10 malware varieties, and only accounted for roughly 2 percent of incidents.
- Outsider threats remain dominant: External threat actors are still the primary force behind attacks (69 percent of breaches) with insiders accounting for 34 percent.
Putting business sectors under the microscope
Industry findings of note include:
- Educational Services: There was a noticeable shift towards financially motivated crime (80 percent). 35 percent of all breaches were due to human error and approximately a quarter of breaches arose from web application attacks, most of which were attributable to the use of stolen credentials used to access cloud-based email.
- Healthcare: This business sector continues to be the only industry to show a greater number of insider compared to external attacks (60 versus 42 percent respectively). Unsurprisingly, medical data is 18x more likely to be compromised in this industry, and when an internal actor is involved, is it 14x more likely to be a medical professional such as a doctor or nurse.
- Manufacturing: For the second year in a row, financially motivated attacks outnumber cyber-espionage as the main reason for breaches in manufacturing, and this year by a more significant percentage (68 percent).
- Public Sector: Cyber-espionage rose this year - however, nearly 47 percent of breaches were only discovered years after the initial attack.
- Retail: Since 2015, Point of Sale (PoS) breaches have decreased by a factor of 10, while Web Application breaches are now 13x more likely.
