Hackers Succeed In Doing More Harm Than Insiders

External hackers were to blame for most data thefts last year, while in-house incidents contributed to a 20% of computer security attacks/crimes,  according to  according to the Verizon Data Breach Investigation Report for 2020.
 
In its 13th Data Breach Investigations Report, which probed some 4,000 intrusions and network breaches in 2019, Verizon found that the online world is still a fairly bad place if you’re not equiped to defend yourself and your customers from external therats you are are in real tgrouble. 
 
Verizon's research  shows that organised crime is behind a high number of successful cyber-attacks. The report shows that financial gain remains the key driver for cyber-crime with nearly nine in 10 (86 percent) breaches that werer investigated being financially-driven.  
 
The vast majority of breaches continue to be caused by external actors, 70 percent, with organised crime accounting for 55 percent of these. 
 
Credential theft and social attacks such as phishing and business email compromises cause the majority of breaches (over 67 percent), and specifically: 
 
Verizon also highlight that a two-fold increase in web application breaches over the past two years, to 43 percent and stolen credentials were used in over 80 percent of these cases - a worrying trend as business-critical workflows continue to move to the cloud. 
 
Ransomware also saw a slight increase, found in 27 percent of malware incidents (compared to 24 percent in 2019 DBIR); 18 percent of organizations reported blocking at least one piece of ransomware last year. The 2020 DBIR now includes detailed analysis of 16 industries, and shows that, while security remains a challenge across the board, there are significant differences across industry sectors. In manufacturing, 23 percent of malware incidents involved ransomware, compared to 61 percent in the public sector and 80 percent in educational services. Errors accounted for 33 percent of public sector breaches, but only 12 percent of manufacturing. 
 
Insight:
 
Manufacturing:  External actors leveraging malware, such as password dumpers, app data capturers and downloaders to obtain proprietary data for financial gain, account for 29 percent of Manufacturing breaches.
 
Retail: 99 percent of incidents were financially-motivated, with payment data and personal credentials continuing to be prized. Web applications, rather than Point of Sale (POS) devices, are now the main cause of Retail breaches. 
 
Financial and insurance: 30 percent of breaches here were caused by web application attacks, primarily driven by external actors using stolen credentials to get access to sensitive data stored in the cloud. The move to online services is a key factor. 
 
Educational Services: Ransomware attacks doubled this year, accounting for approximately 80 percent of malware attacks vs. last year’s 45 percent, and social engineering accounted for 27 percent of incidents. 
 
Healthcare: Basic human error accounted for 31 percent of Healthcare breaches, with external breaches at 51 percent (up from 42 percent in the 2019 DBIR), slightly more common than insiders at 48 percent (59 percent last year). This vertical remains the industry with the highest number of internal bad actors, due to greater access to credentials. 
 
Public sector: Ransomware accounted for 61 percent of malware-based incidents. 33 percent of breaches are accidents caused by insiders. 
 
Organisations have clearly become better at identifying breaches with only 6 percent found to have beeen left undiscovered for a year, compared with 47 percent previously and this is tought to be  linked to new mandatory reporting requirements being introduced worldwide.
 
Verizon:       Verizon:       Verizon:    Contiuity Central:     ZDNet
 

You Might Also Read:

 
Cybersecurity Vigilance Is Mandatory:
 
 
 
 
« New Analytics Product For Cyber Insurance
Hacked ChatBooks Photo Data For Sale »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Markel International

Markel International

Markel International is an international insurance company which looks after the commercial insurance needs of businesses. Specialist services include Cyber Risk insurance.

TruNarrative

TruNarrative

TruNarrative provides a unified solution for Identity Verification, Fraud Detection, eKYC, Risk Assessment, AML Compliance and Account Monitoring.

Dathena

Dathena

Dathena is a company developing data governance software based on machine learning algorithms.

RvA

RvA

RvA is the national accreditation body for the Netherlands. The directory of members provides details of organisations offering certification services for ISO 27001.

Hellenic Accreditation System (ESYD)

Hellenic Accreditation System (ESYD)

ESYD is the national accreditation body for Greece. The directory of members provides details of organisations offering certification services for ISO 27001.

CyberASAP

CyberASAP

CyberASAP provides expertise, knowledge and support to convert academic ideas into commercial products in the cyber security space.

GLESEC

GLESEC

GLESEC offer a complete range of Cyber Security services from Operations & Intelligence Services to Auditing & Compliance and Simulation and Training.

Futurae Technologies

Futurae Technologies

Futurae - enabling trust and invisible security for your users on all devices and applications. Strong customer authentication (SCA) made easy.

MyCena

MyCena

MyCena has developed a complete system of security, control and management for decentralised credentials.

Sekuro

Sekuro

Sekuro is your leading governance and cyber security partner. Building organisational resilience. Enabling fearless innovation.

Strivacity

Strivacity

Strivacity lets brands quickly add secure login and identity management capabilities to their customer-facing applications without tying up an army of developers or consultants to do it.

Lodestone

Lodestone

Lodestone partners with clients to help them mitigate business and reputational risk, through our human-based, approach to cyber security, digital forensics and incident response.

D.med Software

D.med Software

D.med Software is a company with a focus on cybersecurity for embedded software and cloud applications for the medical industry.

Solcon Capital

Solcon Capital

Solcon Capital is a forward-looking, technology-focused investment firm that is committed to identifying and investing in the most promising areas of innovation and development in the tech industry.

Corinium Global Intelligence

Corinium Global Intelligence

At Corinium, we have been bringing together the brightest minds in data, AI and info sec since 2013, to innovate at the intersection of technological advancements and critical thinking.

DuckDuckGoose

DuckDuckGoose

DuckDuckGoose offer advanced solutions to protect against manipulated videos, images, voices and texts.