Every year, Verizon publishes the DBIR to help businesses adjust to the new threat landscape. After all, analyzing the latest threat data is like keeping your eye on your car mirrors—it helps you to see what’s coming from the back and avoid fatal blind spots.
This year around, Verizon DBIR has analyzed 79,635 incidents sampled from 88 countries around the world. The report found that while 5,258 of those incidents were confirmed cases of data breaches, close to 29,207 incidents in the list met the DBIR’s quality standards.
The latest DBIR edition breaks down its findings into 11 industries plus the SMB (small and medium businesses) aligned with its trademark Center for Internet Security (CIS) recommendation mapping.
In this post, we will look at the major trends across three industry verticals—Healthcare, Energy, and SMBs.
Let’s dive right in.
First off, healthcare deserves our heartfelt kudos for getting us all through the dystopian wasteland of 2020.
But the challenges for the healthcare sector are far from over. Coronavirus isn’t the only kind of threat that healthcare organizations are battling—it’s also the deluge of virus attacks online. Financially motivated cybercriminals continued to launch ransomware as their favorite weapon of choice to exploit money from healthcare institutions.
With a total of 86% of breaches—basic web app attacks, system intrusions, and miscellaneous errors topped the threat charts for the healthcare industry. None of these attacks fit the classic definition of malicious attacks.
Healthcare also saw a shift in threat attacks from its internal actors to external parties—a trend that is already common across all other industries. If this sustains, it’s a positive pattern for healthcare since no industry wants its own workforce to be the primary threat actors.
Interestingly, healthcare saw more cases of personal data being stolen than medical data. While the latter is clearly more valuable in terms of financial stakes, this paradigm shift can be mapped to an increase in external threats eclipsing internal threats.
Simply put, cybercriminals are only stealing what they can get their hands on because medical data has more layers of security around it than personal data.
The top three threat patterns across the mining, quarrying, and oil & gas industries were social engineering, system intrusion, and basic web application attacks—which represented 98% of all breaches in the energy sector.
As a result, these industries suffered mostly from theft of system credentials (94%), personal (7%), and internal (3%) data. Similar to other industries, businesses in the energy domain also continue to see a spike in ransomware attacks (44%).
The balance of attack sources tilts heavily towards external actors (98%) who were found primarily motivated by financial gains (78–100%).
Here’s a graph chart of how social engineering and widespread phishing campaigns rose to become the most dominant forces of data breach for the mining, quarrying, and oil & gas industries:
For its DBIR research, DBIR categorizes SMBs that have less than 1000 employees.
The report sampled 1037 incidents out of which 263 were confirmed data disclosure. As with other industries mentioned in the report, the usual culprits that represented 80% of data breaches in SMBs were system intrusions, miscellaneous errors, and basic web app attacks.
What makes SMB different from other industries is that there are two cohorts within this segment—large SMBs and small SMBs. The DBIR findings on SMBs are different based on the nuanced distinctions between these micro-segments.
While the top patterns remain fairly the same for the small cohorts, the larger SMBs saw a fair bit of change in the threat pattern. Their top three threat attacks for the large SMBs were crimeware, privilege misused, and everything else whereas now it’s the usual suspects mentioned above.
In 2021, the gap between the large and the small SMBs in terms of the number of breaches has also closed in. Last year, for example—the small SMB cohorts represented less than half of all breach incidents. This year, large organizations suffered from 307 attacks while the smaller companies accounted for 263 breaches.
While the majority of threat actors were external (64%), their leading motive was financial (87%) rather than espionage (5%), grudges (2%), or just for fun (2%). Internal threat actors contributed to 36% of the attacks spread across credentials (42%), personal (38%), internal (17%), or other types of data (34%) landscape.
At a glance, here’s what the DBIR’s findings look like:
Summary of Findings
In terms of region, North America got the bulk of financially motivated cyberattacks through a barrage of social engineering campaigns, hacking, and malware threats.
Social engineering and system intrusions led the trend with 35% each market share of the total attacks while basic web application attacks and miscellaneous errors fought for the second place in a close race.
What to do with this data?
While predicting the future is often a foolhardy thing to do—as was made clear by the predictions about 2020—that should not deter you from making contingency planning.
If you have recently done a security audit on your enterprise network, use the above data to compare it with your own security preparedness. Schedule an audit if you haven’t done it for 2021.
And if you aren’t confident about your current security posture, get help from the security experts. Let ITEGRITI develop and implement security programs for your business that mitigates cyber and compliance risk, monitor, and report ongoing program effectiveness. These programs help you avoid hacks and minimize business impact in the event of a security breach.
ITEGRITI works to protect some of the nation’s most critical infrastructure, serving clients in the energy, healthcare, transportation, education, retail and financial sectors.