The Verizon 2021 Data Breach Investigations Report was recently released, comprising analysis of 79,635 incidents, of which 5,258 were confirmed data breaches, across 88 countries. In this blog we look at the results through the lens of third party risk and the increased risk surface that came with the switch to the cloud.
Before we dive in, it’s important to understand the terms that the report is based on:
- Incident: A security event that compromises the integrity, confidentiality or availability of an information asset.
- Breach: An incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party.
Verizon 2021 Data Breach Investigations Report Main Findings
The authors pointed out a notable change in how threat actors “will first exfiltrate the data they encrypt so that they can threaten to reveal it publicly if the victim does not pay the ransom”. Ransomware continues to be a threat to all types of organizations, as the latest attack on Colonial Pipeline energy provider showed.
Here are some of the main findings from the Verizon 2021 Data Breach Investigations Report:
- Social engineering is the most successful attack, with Business Email Compromise as the second most common form of social engineering
- 85% of breaches involved a human element
- The top cyberattack vector in breaches is web application servers
- Credentials remain one of the most sought-after data types, followed by personal information
- Denial of service is the most frequent way incidents occur
- External cloud assets were compromised more than on-premises assets
- Older vulnerabilities that haven’t been patched are being exploited by attackers
Although some of these findings make the list every year, the context of this edition was unlike any other. 2020 was a year of unprecedented security challenges facing businesses as they moved more of their business functions to the cloud. In fact, attacks on web applications represent 39% of all breaches.