What are the three most common culprits in data breaches? According to the Verizon Business 2020 Data Breach Investigations Report, they are: credential theft/use, error and social attacks. This lot combined caused more than two-thirds of data breaches identified by DBIR worldwide during the last 12 months.
Social attacks typically come in the form of phishing, business email compromise and pretexting – where a false narrative is created to obtain information or influence behavior – and employees working from home are apparently more vulnerable to attacks and manipulation of this sort.
"These tactics prove effective for attackers, so they return to them time and again," said the report's authors. "Addressing these vulnerabilities should be the focus of the bulk of security efforts [for most organizations]."
Another emerging trend identified by DBIR, now in its thirteenth iteration, is that attacks on web apps were a part of 43% of breaches (more than double from last year).
"As workflows move to cloud services, it makes sense for attackers to follow," said the report. The most common methods used to attack web apps to gain access to sensitive information are using stolen or brute-forced credentials (over 80%) and exploiting vulnerabilities (less than 20%).
Some things don't change
The latest DBIR is a weighty tome – nearly 120 pages – and analyzed over 32,000 security incidents across 81 countries. Of the number of incidents recorded, nearly 4,000 were confirmed as data breaches (about double the number analyzed last year).
Although various trends are monitored in the report – security tools are apparently getting better at blocking common malware – there is one constant: The majority of data breaches (86%) are still financially motivated.
The report also strove to debunk what it thought were some data-breach myths. "Many believe shady Internal actors to be the most common cause of breaches, but the DBIR data continues to show that external actors are—and always have been—more common. In fact, 70% of breaches this year were caused by outsiders," said the report. "Espionage gets the headlines but accounts for just 10% of breaches in this year's data."
One nagging worry for organizations is that over a quarter of breaches were discovered months or more after the initial compromise. "Businesses must get better at spotting cyberattacks," warned the report, "or they risk giving criminals free rein to run amok in their systems and syphon off sensitive business and customer data."
"The good news is that there is a lot that organizations can do to protect themselves, including the ability to track common patterns within cyber-attack journeys – a security game changer – that puts control back into the hands of organizations around the globe," said Alex Pinto, DBIR lead author.
— Ken Wieland, contributing editor, special to Light Reading