Hackers Succeed In Doing More Harm Than Insiders

Uploaded on 2020-05-26 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

External hackers were to blame for most data thefts last year, while in-house incidents contributed to a 20% of computer security attacks/crimes,  according to  according to the Verizon Data Breach Investigation Report for 2020.
 
In its 13th Data Breach Investigations Report, which probed some 4,000 intrusions and network breaches in 2019, Verizon found that the online world is still a fairly bad place if you’re not equiped to defend yourself and your customers from external therats you are are in real tgrouble. 
 
Verizon's research  shows that organised crime is behind a high number of successful cyber-attacks. The report shows that financial gain remains the key driver for cyber-crime with nearly nine in 10 (86 percent) breaches that werer investigated being financially-driven.  
 
The vast majority of breaches continue to be caused by external actors, 70 percent, with organised crime accounting for 55 percent of these. 
 
Credential theft and social attacks such as phishing and business email compromises cause the majority of breaches (over 67 percent), and specifically: 
 
Verizon also highlight that a two-fold increase in web application breaches over the past two years, to 43 percent and stolen credentials were used in over 80 percent of these cases - a worrying trend as business-critical workflows continue to move to the cloud. 
 
Ransomware also saw a slight increase, found in 27 percent of malware incidents (compared to 24 percent in 2019 DBIR); 18 percent of organizations reported blocking at least one piece of ransomware last year. The 2020 DBIR now includes detailed analysis of 16 industries, and shows that, while security remains a challenge across the board, there are significant differences across industry sectors. In manufacturing, 23 percent of malware incidents involved ransomware, compared to 61 percent in the public sector and 80 percent in educational services. Errors accounted for 33 percent of public sector breaches, but only 12 percent of manufacturing. 
 
Insight:
 
Manufacturing:  External actors leveraging malware, such as password dumpers, app data capturers and downloaders to obtain proprietary data for financial gain, account for 29 percent of Manufacturing breaches.
 
Retail: 99 percent of incidents were financially-motivated, with payment data and personal credentials continuing to be prized. Web applications, rather than Point of Sale (POS) devices, are now the main cause of Retail breaches. 
 
Financial and insurance: 30 percent of breaches here were caused by web application attacks, primarily driven by external actors using stolen credentials to get access to sensitive data stored in the cloud. The move to online services is a key factor. 
 
Educational Services: Ransomware attacks doubled this year, accounting for approximately 80 percent of malware attacks vs. last year’s 45 percent, and social engineering accounted for 27 percent of incidents. 
 
Healthcare: Basic human error accounted for 31 percent of Healthcare breaches, with external breaches at 51 percent (up from 42 percent in the 2019 DBIR), slightly more common than insiders at 48 percent (59 percent last year). This vertical remains the industry with the highest number of internal bad actors, due to greater access to credentials. 
 
Public sector: Ransomware accounted for 61 percent of malware-based incidents. 33 percent of breaches are accidents caused by insiders. 
 
Organisations have clearly become better at identifying breaches with only 6 percent found to have beeen left undiscovered for a year, compared with 47 percent previously and this is tought to be  linked to new mandatory reporting requirements being introduced worldwide.
 
Verizon:       Verizon:       Verizon:    Contiuity Central:     ZDNet
 

You Might Also Read:

 
Cybersecurity Vigilance Is Mandatory:
 
 
 
 
« New Analytics Product For Cyber Insurance
Hacked ChatBooks Photo Data For Sale »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IP Performance

IP Performance

IP Performance Limited is a leading supplier of customised network infrastructure and security solutions.

Disklabs

Disklabs

Disklabs are industry leaders in data recovery, digital forensics and data erasure.

IDnow

IDnow

IDnow is the world’s fastest, most flexible and most secure identity verification platform, delivering instant verification of the identity documents used by 7 billion people.

XignSYS

XignSYS

XignSys develops innovative password-free and user-friendly Authentication solutions and electronic signature systems for B2B and B2C applications.

RiskRecon

RiskRecon

RiskRecon makes it easy to gain deep, risk contextualized insight into the cybersecurity risk performance of all of your third parties.

Risk Strategies

Risk Strategies

Risk Strategies is a leading specialty risk management consultancy and insurance broker offering smarter, practical approaches to risk mitigation including Cyber Liability insurance.

NetWitness

NetWitness

NetWitness empowers security teams to rapidly detect today’s targeted and sophisticated attacks with unparalleled visibility.

Techstep

Techstep

Techstep is a complete mobile technology enabler, making positive changes to the world of work; freeing people to work more effectively, securely and sustainably.

Muscope Cybersecurity

Muscope Cybersecurity

Muscope CYSR platform performs a risk assessment and offers a comprehensive overview of the potential cyber attack risks.

OrbiSky Systems

OrbiSky Systems

OrbiSky Systems is a British tech startup specializing in data management and cybersecurity solutions.

CODA Intelligence

CODA Intelligence

CODA's AI-powered attack surface management platform helps you sort out the important remediations needed in order to avoid exploits on your systems.

GovSky

GovSky

GovSky streamlines CMMC compliance, saving time and significantly reducing cost.

Downdetector

Downdetector

Downdetector helps people all over the world understand disruptions to vital services such as the internet, social media, web hosting platforms, banks, games, entertainment, and more.

BlackSignal Technologies

BlackSignal Technologies

BlackSignal Technologies provides cybersecurity, digital signal processing and electronic warfare products to help DOD and IC agency customers counter near-peer threats and security challenges.

CyberSentriq

CyberSentriq

CyberSentriq provides an unmatched combination of proactive AI-driven email and web security, advanced data protection, and operational resilience.

Intersys

Intersys

Intersys provides cyber-resilient IT support and services from IT offices in London, Essex and Cambridge.