The Week in Breach – 10 Things You Need to See From the 2021 Verizon Data Breach Investigations Report & Why They Matter




Every year, industry players await the Verizon Data Breach Investigations Report. While it is always a cornucopia of information that can help businesses make informed decisions about cybersecurity, it’s also a lot to read. We’ve gone through the whole thing and pulled out 10 data points that we think deserve a second look. We’ll also share our analysis of why those things are so important as well as how to secure your business and your clients against the risks that we highlight.

In the 2021 edition, the 14th iteration of their influential report, the researchers at Verizon looked at 29,207 incidents and then refined that pool down to 5,258 confirmed data breaches that could be clearly demonstrated – one third more breaches than last year. To create the 2021 dataset researchers collected data from 83 contributors spanning 88 countries, 12 industries and 3 world regions.

10 Things You Need to See from the 2021 Verizon DBIR

1. 85% of breaches involved a human element.

This is important because it illustrates that the top cause of data breaches is still human beings, specifically errors made by employees. Diving deeper, the top error that spawns data breaches is misconfiguration. In second place, misdelivery is still riding high on the chart. That includes accidentally sending someone information that they’re not authorized to have or sending the wrong information outside the organization.

2. 3-time champion phishing remained the top threat action that resulted in a breach.

To no one’s surprise, phishing remains the top data breach threat for the third year in a row. It actually increased by 10%, which tracks with the tremendous increase in email volume and record-breaking cybercrime rates that started in March 2020. This category does not include ransomware, which has become such a behemoth that it has its own category these days. This reinforces how crucial phishing defense is for every business.

3. The number of breaches that involved ransomware doubled.

The villain of the year in 2020 was ransomware, and that’s reflected in this report. The number of breaches studied that included ransomware doubled, a confirmation of just how dangerous this phishing-related threat is for every organization. Ransomware is already up by more than 100% in 2021 over record numbers in 2020 and it’s still climbing, making this the top security concern for 2021. Eliminating ransomware threats starts with eliminating phishing incidents.

4. 61% of breaches involved credentials.

Everyone wants to do things the easy way, even cybercriminals. The easy way for them to snatch up data is to obtain credentials through phishing, making strong access control a necessity. But beyond just phishing a credential from an employee, huge quantities of dark web records, including 22 billion more added in 2020, provide ample resources for password cracking. Taking the power out of stolen or cracked passwords is one of the prime benefits of multifactor authentication (MFA), and every company needs to be using it now.

5. 85% of social engineering actions that lead to a data breach are done via email.

Once again, there’s no surprise here but there is a strong illustration of why phishing resistance training is absolutely vital. Cybercriminals are using many different lures to entice employees into action through social engineering and they can be difficult to unmask. Phishing resistance training that teaches employees to spot and reject social engineering tricks, especially sophisticated social engineering attempts, is critical to keeping cybercriminals away from data.

6. 23% of monitored organizations experienced brute force or credential stuffing attacks.

Remember credential stuffing? It seems like all that the security world has been talking about is ransomware, but credential stuffing is just as dangerous. Almost a quarter of breaches last year were the fruit of credential stuffing, with 95% of them getting hit with between 637 and 3.3 billion credentials in order to force entry. This is an important reason why single sign-on (SSO) is a must-have for access control. In case of trouble, SSO enables techs to quickly isolate a compromised user account and prevent further intrusion.

7. Over 80% of breaches were discovered by external parties.

This should be a troubling number for anyone securing data. More breaches are discovered by researchers than internal teams, a strong indication that lax cybersecurity practices can create big problems. Increased security awareness training and building a strong cybersecurity culture are the prescription for increasing vigilance to make sure that breach risks are caught sooner rather than later.

8. Credentials remain the most sought-after data type and personal data is the second most sought-after data type.

Continuing its winning streak, credentials are the most desirable data for cybercriminals to snatch. It’s not a surprise that gaining access to the heart of a business is at the top of the cybercriminal wishlist. Credentials make it easy for them to conduct multiple operations quickly. Personal data remains in second place, valued both for its usefulness in identity theft and spear phishing.

9. The majority of known data breaches involves loss of personal data, quickly followed by medical data.

Bad actors want personal data to power all sorts of cybercrime operations, and they’re working hard to get it. Thanks to the hot market for COVID-19 data in 2020, medical data is in second place. A record number of breaches at hospitals, laboratories, pharmaceutical companies and even medical data processors bears out that conclusion. Anyone who handles data like this needs to be maintaining strong access controls and phishing resistance training to keep cybercriminals out of it.

10. Business Email Compromise (BEC) is the second most common vector for social engineering.

Although the primary reason that cybercriminals chose to conduct sophisticated social engineering attacks in 2020 was phishing for credentials, BEC scams took their turn in the spotlight. These fraud attempts were also buoyed by high email volumes and uncertainty as many inexperienced remote workers created a bumper crop of targets ripe for the picking. Reliance on doing business remotely also made 2020 the perfect year for BEC. Companies will benefit from stepping up security awareness training around BEC to avoid trouble from this constant threat.

We’re here to help if you would like to learn more about ways that you can protect your business from being in the line of fire from today’s nastiest cybersecurity nightmares. From dark web monitoring to phishing resistance training, IntegraMSP has you covered. Let’s get together and talk about how we can help your clients and your business!


Dark Web ID’s Top Threats This Week

United States – Utility Trailer Manufacturing

https://www.freightwaves.com/news/trailer-maker-utility-targeted-in-ransomware-attack

Exploit: Ransomware

Utility Trailer Manufacturing: Trailer Fabrication

Risk to Business: 1.655 = Severe

California-based Utility Trailer Manufacturing was hit by the Clop ransomware gang. As proof of the hit, the gang released 5 gigabytes of data to the dark web this week. The company has not been clear on the impact of the breach beyond saying that client data, including payment records, was not accessed and manufacturing remains normal.

Individual Risk: 1.507 = Severe

While the company is staying mum about the content of the breach, researchers have determined that an extensive amount of sensitive personal data about employees, including payrolls and human resources information, was included in the incident after finding it on the dark web. Past and present employees should be alert for identity theft and spear phishing attempts.

Customers Impacted: Unknown

How It Could Affect Your Business: A new ransomware attack is launched every 40 seconds, and every business is in the line of fire. Making sure that you have all the bases covered and taking smart precautions like increased security awareness training can help reduce risk.

IntegraMSP to the Rescue: Are your clients fully protected from ransomware risk? Make sure they’re covered with our Cybersecurity Risk Protection Checklist.


United States – Alaska Department of Health and Social Services

https://www.govinfosecurity.com/alaska-health-department-services-affected-by-malware-attack-a-16708

Exploit: Malware

Alaska Department of Health and Social Services: Regional Human Services Agency

Risk to Business: 1.833 = Severe

The Alaska health department’s website was taken offline Monday evening and will be unavailable to the public for an indeterminate amount of time as IT teams work to investigate and recover from a malware attack. COVID-19 immunization and most data dashboards are maintained by an outside contractor and are still operational. The department’s main website, background check system, the state of Alaska’s vital records system, Alaska’s behavioral health and substance abuse management system and the state’s system for schools to report vaccine data to public health have all been impacted.

Individual Impact: No sensitive personal or financial information was confirmed as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Business: Malware that takes important systems offline can seriously impact an organization’s operations, costing a fortune in remediation, investigation and recovery. Government targets have been especially appealing to cybercriminals due to their notoriously weak security.

IntegraMSP to the Rescue: Which sectors are the most at risk for a data breach? Find that information and more useful data to inform security decisions in The Global Year in Breach 2021 by ID Agent.


United States – Bergen Logistics

https://www.hackread.com/logistics-giant-leaks-data-lolz-when-alerted/

Exploit: Unsecured Database

Bergen Logistics: Shipping & Fulfillment

Risk to Business: 2.812 = Moderate

Security researchers recently discovered an exposed database belonging to Bergen Logistics. The Elasticsearch server contains a trove of 467,979 login credentials and shipment records relevant to the company’s customers. Bergen Logistics handles import/export, picking and packing for clients in the fashion industry. The company also direct ships to customers of online marketplaces and e-commerce stores.

Individual Risk: 2.772 = Moderate

The exposed data for customers includes names, addresses, order numbers and details, email and contact information and plaintext passwords to customer accounts. This data could be used for spear phishing attempts.

Customers Impacted: Unknown

How It Could Affect Your Business: There are enough ways to suffer a cybersecurity incident without causing them through negligence, even though employee error is still the number one cause of a data breach. Making sure to cover the bases with basics goes a long way toward improving security.

IntegraMSP to the Rescue: Our Security Awareness Champion’s Guide is a wealth of knowledge to help beat cybercrime, including expert strategies to make security budgets stretch just a little bit further.


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.