The Verizon 2020 Data Breach Investigations Report shows financial gain is the biggest motivator for cyberattacks, accounting for 86% of the 32,002 security incidents analyzed for this year’s report, up from 71% in 2019. 55% of the financially motivated attacks were conducted by cybercriminal organizations with healthcare records being a preferred target (resulting in HIPAA compliance breaches).
The majority of data breaches involve the theft of credentials, which has meant malware is being used much less than in previous years. Cybercriminals are choosing the easiest way to attack organizations and credential theft is easier and more cost effective than malware.
Cybercriminals can gain access to networks and achieve persistence by using credentials stolen in phishing attacks and other social engineering scams, while brute force tactics are used to guess weak passwords and gain access to corporate networks. 67% of all breaches involved credential theft, phishing, social engineering, or business email compromise.
80% of all hacking incidents involved the use of stolen credentials or passwords guessed using brute force tactics, the remaining 20% of hacking breaches were the result of exploitation of unpatched vulnerabilities.
As more companies transition to the cloud, new vulnerabilities are being introduced and cybercriminals are taking advantage. Cyberattacks on web applications have doubled over the past 12 months, and account for 43% of all breaches. While malware attacks have declined, there has been an increase in ransomware attacks, which account for 27% of all malware-related breaches, up from 24% in 2019. 18% of organizations represented in the report had experienced at least one attempted ransomware attack in the past 12 months.
The attacks on cloud infrastructure and resources are likely to continue to rise. The COVID-19 pandemic has forced many businesses to adopt more cloud applications to allow their now largely at-home employees to continue to work. In many cases, that transition had to occur rapidly, which makes misconfigurations much more likely. Many companies have had to move data to the cloud and are now trying to work out how best to protect it, rather than the other way round. The report revealed that the majority of cloud data breaches (73%) involved web application or email servers, and 77% involved credential theft.
70% of data breaches were caused by external actors, with 30% the result of insiders. 45% of attacks involved hacking, 22% were caused by social engineering, 22% involved malware, and 17% were the result of errors. Only 8% of breaches involved malicious actions by insiders.
This year’s Data Breach Investigation’s Report is broken down by industry sector and reveals differences between how each are attacked. Attacks on manufacturers often involve malware. Malware was involved in 29% of manufacturing breaches. Attacks on POS systems were once the most common type of breach in the retail sector, but that has now been overtaken by attacks on web applications. 30% of breaches in the finance and insurance sectors also involved attacks on web applications.
The education sector has seen a big rise in ransomware attacks, which now account for 80% of all malware incidents in the industry. Phishing attacks were also rife, accounting for 28% of all breaches. In healthcare, 30% of breaches were the result of human error and the industry has the highest number of insider breaches out of all industry sectors represented in the report. External actors were responsible for 51% of breaches with insiders in a close second causing 48% of breaches. There has also been a massive increase in healthcare attacks. Last year, there were 304 reported breaches included in the report, this year the number of incidents has increased to 521.