Verizon Data Breach Investigations Report Shows Increases in Phishing and Ransomware

With an unprecedented number of people working remotely, phishing and ransomware attacks increased by 11 percent and 6 percent respectively, with instances of Misrepresentation increasing by 15 times compared to last year.

This is according to the newly released Verizon Business 2021 Data Breach Investigations Report (2021 DBIR) which analyzes 29,207 security incidents collected from 83 victims spanning 88 countries, 12 industries, and 3 world regions. The report sheds light on how the most common forms of cyberattacks affected the international security landscape during the global pandemic. This year’s report saw 5,258 breaches across the globe; one-third more breaches than last year.

More than 60% of the breaches involved credential data (95 percent of organizations suffering credential stuffing attacks had between 637 and 3.3 billion malicious login attempts through the year). The report also highlighted the challenges facing businesses as they move more of their business functions to the cloud – with attacks on web applications representing 39% of all breaches.

“The COVID-19 pandemic has had a profound impact on many of the security challenges organizations are currently facing,” said Tami Erwin, CEO of Verizon Business. “As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures”.

Analysis of 12 industries shows that, while security remains a challenge across the board, there are significant differences across verticals. For example, in Financial and Insurance industries, 83 percent of data compromised in breaches was personal data, while in Professional, Scientific and Technical services only 49 percent was personal.

Among other highlights, the Financial sector frequently faces credential and Ransomware attacks from External actors. Basic human error continues to beset the healthcare industry as it has for the past several years. The biggest threat impacting Public Administration is the social engineer. Actors who can craft a credible phishing email are absconding with credentials data at an alarming rate in this sector.

The Retail industry continues to be a target for financially motivated criminals looking to cash in on the combination of payment cards and personal information this sector is known for. Social tactics include Pretexting and Phishing, with the former commonly resulting in fraudulent money transfers.

Channel Impact^®
The report outlines a wide variety of threats impacting businesses all over the world. The data underscores the need for solid IT security that is constantly updated and refreshed.