From phishing attacks, identity theft to brand impersonation attacks, cybercriminals leveraged all kinds of attack vectors during the pandemic. This resulted in a huge number of cyberattacks being reported since last year. According to the “Verizon Business 2021 Data Breach Investigations Report (DBIR),” phishing and ransomware attacks increased by 11% and 6% respectively, and misrepresentation increased by 15% due to remote working conditions. The report analyzed 29,207 quality incidents, out of which 5,258 were breaches from 83 contributors across the globe.
“The COVID-19 pandemic has had a profound impact on many of the security challenges organizations are currently facing. As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures,” said Tami Erwin, CEO, Verizon Business.
- Over 85% of breaches involved a human element, while over 80% of breaches were discovered by external parties.
- Breach simulations found the average financial impact of a breach is $21,659, with 95% of incidents falling between $826 and $653,587.
- The report also highlighted the challenges facing businesses as they move more of their business functions to the cloud – with attacks on web applications representing 39% of all breaches.
- In the financial and insurance sector, 83% of data compromised in breaches was personal data, whilst in Professional, Scientific, and Technical services only 49% was personal. The financial sector frequently faces credential and ransomware attacks from external actors.
- Basic human error continues to beset the health care sector for many years. The most common error continues to be misdelivery (36%), whether electronic or paper documents.
- Social engineering and phishing attacks are at an alarming high in the public administration
- The retail industry continues to be a target for financially motivated cybercriminals looking to cash in on the combination of payment cards and personal information. Social tactics include pretexting and phishing, with the former commonly resulting in fraudulent money transfers.
Cyberattack Landscape During the Pandemic
The 2021 DBIR received insights from over 83 contributors who provided specific data inputs about regional cyber trends. These include:
- Asia Pacific (APAC) – Many of the security breaches in APAC were caused by financially motivated attackers phishing employees for credentials, and then using those stolen creds to gain access to mail accounts and web application servers.
- Europe, Middle East, and Africa (EMEA) – The region continues to be beset by web application attacks, system intrusion, and social engineering.
- Northern America (NA) – NA is often the target of cybercriminals searching for money or easily monetizable data. Social engineering, hacking, and malware attacks continue to be the favored tools utilized by actors in this region.
“When you read the contents of the report, it is tempting to think that a vast array of threats demands a sweeping and revolutionary solution. However, the reality is far more straightforward. The truth is that, whilst organizations should prepare to deal with exceptional circumstances, the foundation of their defenses should be built on strong fundamentals – addressing and mitigating the threats most pertinent to them,” said Alex Pinto, Lead Author of the DBIR.