{"id":2900,"date":"2021-05-28T20:17:06","date_gmt":"2021-05-28T20:17:06","guid":{"rendered":"https:\/\/itegriti.com\/staging\/?p=2900"},"modified":"2021-06-01T14:35:35","modified_gmt":"2021-06-01T14:35:35","slug":"verizon-data-breach-report-2021-healthcare-energy-and-smbs-have-it-rough","status":"publish","type":"post","link":"https:\/\/itegriti.com\/staging\/2021\/managed-services\/verizon-data-breach-report-2021-healthcare-energy-and-smbs-have-it-rough\/","title":{"rendered":"Verizon Data Breach Report 2021: Healthcare, Energy, and SMBs Have It Rough"},"content":{"rendered":"<p>[fusion_builder_container hundred_percent=&#8221;no&#8221; hundred_percent_height=&#8221;no&#8221; hundred_percent_height_scroll=&#8221;no&#8221; hundred_percent_height_center_content=&#8221;yes&#8221; equal_height_columns=&#8221;no&#8221; hide_on_mobile=&#8221;small-visibility,medium-visibility,large-visibility&#8221; status=&#8221;published&#8221; background_position=&#8221;center center&#8221; background_repeat=&#8221;no-repeat&#8221; fade=&#8221;no&#8221; background_parallax=&#8221;none&#8221; enable_mobile=&#8221;no&#8221; parallax_speed=&#8221;0.3&#8243; video_aspect_ratio=&#8221;16:9&#8243; video_loop=&#8221;yes&#8221; video_mute=&#8221;yes&#8221; border_style=&#8221;solid&#8221; type=&#8221;legacy&#8221; admin_toggled=&#8221;no&#8221;][fusion_builder_row][fusion_builder_column type=&#8221;1_1&#8243; layout=&#8221;1_1&#8243; spacing=&#8221;&#8221; center_content=&#8221;no&#8221; link=&#8221;&#8221; target=&#8221;_self&#8221; min_height=&#8221;&#8221; hide_on_mobile=&#8221;small-visibility,medium-visibility,large-visibility&#8221; class=&#8221;&#8221; id=&#8221;&#8221; background_color=&#8221;&#8221; background_image=&#8221;&#8221; background_image_id=&#8221;&#8221; background_position=&#8221;left top&#8221; background_repeat=&#8221;no-repeat&#8221; hover_type=&#8221;none&#8221; border_color=&#8221;&#8221; border_style=&#8221;solid&#8221; border_position=&#8221;all&#8221; 
border_radius=&#8221;&#8221; box_shadow=&#8221;no&#8221; dimension_box_shadow=&#8221;&#8221; box_shadow_blur=&#8221;0&#8243; box_shadow_spread=&#8221;0&#8243; box_shadow_color=&#8221;&#8221; box_shadow_style=&#8221;&#8221; padding_top=&#8221;&#8221; padding_right=&#8221;&#8221; padding_bottom=&#8221;&#8221; padding_left=&#8221;&#8221; margin_top=&#8221;&#8221; margin_bottom=&#8221;&#8221; animation_type=&#8221;&#8221; animation_direction=&#8221;left&#8221; animation_speed=&#8221;0.3&#8243; animation_offset=&#8221;&#8221; last=&#8221;true&#8221; border_sizes_top=&#8221;0&#8243; border_sizes_bottom=&#8221;0&#8243; border_sizes_left=&#8221;0&#8243; border_sizes_right=&#8221;0&#8243; first=&#8221;true&#8221;][fusion_text columns=&#8221;&#8221; column_min_width=&#8221;&#8221; column_spacing=&#8221;&#8221; rule_style=&#8221;default&#8221; rule_size=&#8221;&#8221; rule_color=&#8221;&#8221; content_alignment_medium=&#8221;&#8221; content_alignment_small=&#8221;&#8221; content_alignment=&#8221;&#8221; hide_on_mobile=&#8221;small-visibility,medium-visibility,large-visibility&#8221; sticky_display=&#8221;normal,sticky&#8221; class=&#8221;&#8221; id=&#8221;&#8221; margin_top=&#8221;&#8221; margin_right=&#8221;&#8221; margin_bottom=&#8221;&#8221; margin_left=&#8221;&#8221; font_size=&#8221;&#8221; fusion_font_family_text_font=&#8221;&#8221; fusion_font_variant_text_font=&#8221;&#8221; line_height=&#8221;&#8221; letter_spacing=&#8221;&#8221; text_color=&#8221;&#8221; animation_type=&#8221;&#8221; animation_direction=&#8221;left&#8221; animation_speed=&#8221;0.3&#8243; animation_offset=&#8221;&#8221;]<\/p>\n<p>Once again, the cybercriminals are out on a phishing expedition. 
Motivated mostly by making financial gains, their talons are out to prey on unsuspecting businesses.<\/p>\n<p>Thankfully, there\u2019s data to the rescue.<\/p>\n<p>With the fresh launch of the 14th edition of the <a href=\"https:\/\/www.verizon.com\/business\/resources\/reports\/dbir\/\" target=\"_blank\" rel=\"noopener\">Verizon 2021 Data Breach Investigations Report (DBIR)<\/a>, it\u2019s obvious that businesses across all industries should re-evaluate their security priorities.<\/p>\n<p>Every year, Verizon publishes the DBIR to help businesses adjust to the new threat landscape. After all, analyzing the latest threat data is like keeping your eye on your car mirrors\u2014it helps you see what\u2019s coming from behind and avoid fatal blind spots.<\/p>\n<p>This year, the Verizon DBIR analyzed 79,635 incidents sampled from 88 countries around the world. The report found that while 5,258 of those incidents were confirmed cases of data breaches, close to 29,207 incidents in the list met the DBIR\u2019s quality standards.<\/p>\n<p>The latest DBIR edition breaks down its findings into 11 industries plus SMBs (small and medium businesses), aligned with its trademark Center for Internet Security (CIS) recommendation mapping.<\/p>\n<p>In this post, we will look at the major trends across three industry verticals\u2014Healthcare, Energy, and SMBs.<\/p>\n<p>Let\u2019s dive right in.<\/p>\n<h2>Healthcare<\/h2>\n<p>First off, healthcare deserves our heartfelt kudos for getting us all through the dystopian wasteland of 2020.<\/p>\n<p>But the challenges for the healthcare sector are far from over. Coronavirus isn\u2019t the only kind of threat that healthcare organizations are battling\u2014there\u2019s also the deluge of virus attacks online. 
Financially motivated cybercriminals continued to use ransomware as their weapon of choice to extort money from healthcare institutions.<\/p>\n<p>Basic web app attacks, system intrusions, and miscellaneous errors topped the threat charts for the healthcare industry, together accounting for 86% of breaches. None of these attacks fit the classic definition of malicious attacks.<\/p>\n<p>Healthcare also saw a shift in attacks from internal actors to external parties\u2014a trend that is already common across all other industries. If this trend holds, it\u2019s a positive pattern for healthcare since no industry wants its own workforce to be the primary threat actors.<\/p>\n<p><img decoding=\"async\" class=\"wp-image-2921 size-full aligncenter\" src=\"https:\/\/itegriti.com\/staging\/wp-content\/uploads\/2021\/05\/verizon_dbir2021_fig1a.jpg\" alt=\"\" width=\"705\" height=\"621\" srcset=\"https:\/\/itegriti.com\/staging\/wp-content\/uploads\/2021\/05\/verizon_dbir2021_fig1a-200x176.jpg 200w, https:\/\/itegriti.com\/staging\/wp-content\/uploads\/2021\/05\/verizon_dbir2021_fig1a-400x352.jpg 400w, https:\/\/itegriti.com\/staging\/wp-content\/uploads\/2021\/05\/verizon_dbir2021_fig1a-600x529.jpg 600w, https:\/\/itegriti.com\/staging\/wp-content\/uploads\/2021\/05\/verizon_dbir2021_fig1a.jpg 705w\" sizes=\"(max-width: 705px) 100vw, 705px\" \/><\/p>\n<p>Interestingly, healthcare saw more cases of personal data being stolen than medical data. 
While the latter is clearly more valuable in terms of financial stakes, this paradigm shift can be mapped to an increase in external threats eclipsing internal threats.<\/p>\n<p>Simply put, cybercriminals are only stealing what they can get their hands on because medical data has more layers of security around it than personal data.<\/p>\n<h2>Energy<\/h2>\n<p>The top three threat patterns across the mining, quarrying, and oil &amp; gas industries were social engineering, system intrusion, and basic web application attacks\u2014which represented 98% of all breaches in the energy sector.<\/p>\n<p>As a result, these industries suffered mostly from theft of system credentials (94%), personal data (7%), and internal data (3%). Similar to other industries, businesses in the energy domain also continue to see a spike in ransomware attacks (44%).<\/p>\n<p>The balance of attack sources tilts heavily towards external actors (98%), who were found to be primarily motivated by financial gains (78\u2013100%).<\/p>\n<p>Here\u2019s a chart of how social engineering and widespread phishing campaigns rose to become the most dominant forces behind data breaches for the mining, quarrying, and oil &amp; gas industries:<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-2922 size-full\" src=\"https:\/\/itegriti.com\/staging\/wp-content\/uploads\/2021\/05\/verizon_dbir2021_fig2a.jpg\" alt=\"\" width=\"800\" height=\"432\" srcset=\"https:\/\/itegriti.com\/staging\/wp-content\/uploads\/2021\/05\/verizon_dbir2021_fig2a-200x108.jpg 200w, https:\/\/itegriti.com\/staging\/wp-content\/uploads\/2021\/05\/verizon_dbir2021_fig2a-400x216.jpg 400w, https:\/\/itegriti.com\/staging\/wp-content\/uploads\/2021\/05\/verizon_dbir2021_fig2a-600x324.jpg 600w, https:\/\/itegriti.com\/staging\/wp-content\/uploads\/2021\/05\/verizon_dbir2021_fig2a-768x415.jpg 768w, https:\/\/itegriti.com\/staging\/wp-content\/uploads\/2021\/05\/verizon_dbir2021_fig2a.jpg 800w\" sizes=\"(max-width: 800px) 100vw, 800px\" 
\/><\/p>\n<h2>SMBs<\/h2>\n<p>For its research, the DBIR classifies businesses that have fewer than 1000 employees as SMBs.<\/p>\n<p>The report sampled 1037 incidents, of which 263 had confirmed data disclosure. As with other industries mentioned in the report, the usual culprits that represented 80% of data breaches in SMBs were system intrusions, miscellaneous errors, and basic web app attacks.<\/p>\n<p>What makes SMBs different from other industries is that there are two cohorts within this segment\u2014large SMBs and small SMBs. The DBIR findings on SMBs differ based on the nuanced distinctions between these micro-segments.<\/p>\n<p>While the top patterns remain much the same for the small cohort, the larger SMBs saw a fair bit of change in their threat patterns. The top three threat patterns for the large SMBs were crimeware, privilege misuse, and everything else, whereas now it\u2019s the usual suspects mentioned above.<\/p>\n<p>In 2021, the gap between the large and the small SMBs in terms of the number of breaches has also narrowed. Last year, for example, the small SMB cohort represented less than half of all breach incidents. This year, large organizations suffered from 307 attacks while the smaller companies accounted for 263 breaches.<\/p>\n<p>The majority of threat actors were external (64%), and their leading motive was financial (87%) rather than espionage (5%), grudges (2%), or just for fun (2%). 
Internal threat actors contributed to 36% of the attacks, which were spread across credentials (42%), personal (38%), internal (17%), and other types of data (34%).<\/p>\n<p>At a glance, here\u2019s what the DBIR\u2019s findings look like:<\/p>\n<h2 style=\"text-align: center;\"><strong><span style=\"color: #000000;\">Summary of Findings<\/span><\/strong><\/h2>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-2923 size-full\" src=\"https:\/\/itegriti.com\/staging\/wp-content\/uploads\/2021\/05\/verizon_dbir2021_fig3a.jpg\" alt=\"\" width=\"800\" height=\"523\" srcset=\"https:\/\/itegriti.com\/staging\/wp-content\/uploads\/2021\/05\/verizon_dbir2021_fig3a-200x131.jpg 200w, https:\/\/itegriti.com\/staging\/wp-content\/uploads\/2021\/05\/verizon_dbir2021_fig3a-400x262.jpg 400w, https:\/\/itegriti.com\/staging\/wp-content\/uploads\/2021\/05\/verizon_dbir2021_fig3a-600x392.jpg 600w, https:\/\/itegriti.com\/staging\/wp-content\/uploads\/2021\/05\/verizon_dbir2021_fig3a-768x502.jpg 768w, https:\/\/itegriti.com\/staging\/wp-content\/uploads\/2021\/05\/verizon_dbir2021_fig3a.jpg 800w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p>In terms of region, North America got the bulk of financially motivated cyberattacks through a barrage of social engineering campaigns, hacking, and malware threats.<\/p>\n<p>Social engineering and system intrusions led the trend with a 35% share each of the total attacks, while basic web application attacks and miscellaneous errors fought for second place in a close race.<\/p>\n<h2>What to do with this data?<\/h2>\n<p>While predicting the future is often a foolhardy thing to do\u2014as was made clear by the predictions about 2020\u2014that should not deter you from contingency planning.<\/p>\n<p>Some media reports claim that <a href=\"https:\/\/www.zdnet.com\/article\/two-thirds-of-cisos-across-world-expect-damaging-cyberattack-in-next-12-months\/\" target=\"_blank\" rel=\"noopener\">CISOs all over the world are 
expecting a series of devastating cyberattacks in the next 12 months<\/a>. As apocalyptic as that sounds, it doesn\u2019t hurt to be ready for all imminent threats.<\/p>\n<p>If you have recently done a security audit on your enterprise network, compare the above data with your own security preparedness. Schedule an audit if you haven\u2019t done one for 2021.<\/p>\n<p>And if you aren\u2019t confident about your current security posture, get help from security experts. Let ITEGRITI develop and implement security programs for your business that mitigate cyber and compliance risk, and monitor and report on ongoing program effectiveness. These programs help you avoid hacks and minimize business impact in the event of a security breach.<\/p>\n<p>ITEGRITI works to protect some of the nation\u2019s most critical infrastructure, serving clients in the energy, healthcare, transportation, education, retail and financial sectors.<\/p>\n<p>To learn more, visit <a href=\"https:\/\/itegriti.com\/staging\/\">ITEGRITI\u2019s homepage<\/a> or follow them on <a href=\"https:\/\/www.linkedin.com\/company\/itegriti\/\" target=\"_blank\" rel=\"noopener\">LinkedIn<\/a> and <a href=\"https:\/\/twitter.com\/itegriti\" target=\"_blank\" rel=\"noopener\">Twitter<\/a>.<\/p>\n<p>[\/fusion_text][\/fusion_builder_column][\/fusion_builder_row][\/fusion_builder_container]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Once again, the cybercriminals are out on a phishing expedition. Motivated mostly by making financial gains, their talons are out to prey on unsuspecting businesses. 
Thankfully, there\u2019s data to the rescue.<\/p>\n","protected":false},"author":44,"featured_media":2910,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2180],"tags":[],"_links":{"self":[{"href":"https:\/\/itegriti.com\/staging\/wp-json\/wp\/v2\/posts\/2900"}],"collection":[{"href":"https:\/\/itegriti.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itegriti.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itegriti.com\/staging\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/itegriti.com\/staging\/wp-json\/wp\/v2\/comments?post=2900"}],"version-history":[{"count":8,"href":"https:\/\/itegriti.com\/staging\/wp-json\/wp\/v2\/posts\/2900\/revisions"}],"predecessor-version":[{"id":2924,"href":"https:\/\/itegriti.com\/staging\/wp-json\/wp\/v2\/posts\/2900\/revisions\/2924"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/itegriti.com\/staging\/wp-json\/wp\/v2\/media\/2910"}],"wp:attachment":[{"href":"https:\/\/itegriti.com\/staging\/wp-json\/wp\/v2\/media?parent=2900"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itegriti.com\/staging\/wp-json\/wp\/v2\/categories?post=2900"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itegriti.com\/staging\/wp-json\/wp\/v2\/tags?post=2900"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}