Skip to main content

Cybercrime thrives during pandemic: Verizon 2021 Data Breach Investigations Report

Written by Customer Service on . Posted in Public Companies.

Increase in phishing and ransomware attacks – along with continued high numbers of Web Application Attacks – underscore a year of unprecedented security challenges

What you need to know:

  • Report analyzes 29,207 quality incidents, of which 5,258 were confirmed breaches
  • Phishing attacks increased by 11 percent, while attacks using ransomware rose by 6 percent
  • 85 percent of breaches involved a human element, while over 80 percent of breaches were discovered by external parties
  • Breach simulations found the median financial impact of a breach is $21,659, with 95 percent of incidents falling between $826 and $653,587

BASKING RIDGE, N.J., May 13, 2021 (GLOBE NEWSWIRE) — The Verizon Business 2021 Data Breach Investigations Report (2021 DBIR) examines more breaches than ever before, and sheds light on how the most common forms of cyber attacks affected the international security landscape during the global pandemic. This year’s report saw 5,258 breaches from 83 contributors across the globe, a third more breaches analyzed than last year.

With an unprecedented number of people working remotely, phishing and ransomware attacks increased by 11 percent and 6 percent respectively, with instances of Misrepresentation increasing by 15 times compared to last year. Additionally, breach data showed that 61 percent of breaches involved credential data (95 percent of organizations suffering credential stuffing attacks had between 637 and 3.3 billion malicious login attempts through the year).

The report also highlighted the challenges facing businesses as they move more of their business functions to the cloud – with attacks on web applications representing 39% of all breaches.

“The COVID-19 pandemic has had a profound impact on many of the security challenges organizations are currently facing,” said Tami Erwin, CEO, Verizon Business. “As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures.”

This year, the Incident Classification Patterns the DBIR report team uses to classify security threats have also been improved and refreshed. The updated report patterns explain 95.8 percent of analyzed breaches and 99.7 percent of analyzed incidents over all time, and should provide customers with a better understanding of the threats that exist, and how their organizations can best avoid them.

Industries under the spotlight

The 2021 DBIR includes detailed analysis of 12 industries, and shows that, while security remains a challenge across the board, there are significant differences across verticals. For example, in Financial and Insurance industries, 83 percent of data compromised in breaches was personal data, whilst in Professional, Scientific and Technical services only 49 percent was personal. Further highlights include:

  • Financial and Insurance – Misdelivery represented 55 percent of Financial sector errors. The Financial sector frequently faces credential and Ransomware attacks from External actors.
  • Healthcare – Basic human error continues to beset this industry as it has for the past several years. The most common Error continues to be Misdelivery (36 percent), whether electronic or of paper documents.
  • Public Administration – By far the biggest threat in this industry is the social engineer. Actors who can craft a credible phishing email are absconding with Credentials data at an alarming rate in this sector.
  • Retail Trade – The Retail industry continues to be a target for Financially motivated criminals looking to cash in on the combination of Payment cards and Personal information this sector is known for. Social tactics include Pretexting and Phishing, with the former commonly resulting in fraudulent money transfers.

Regional trends

The 83 contributors involved with the 2021 DBIR have provided the report with specific insights into regional cyber-trends highlighting key similarities and differences between
them.

  • Asia Pacific (APAC) – Many of the breaches that took place in APAC were caused by Financially motivated attackers Phishing employees for creds, and then using those stolen creds to gain access to mail accounts and web application servers.
  • Europe, Middle East and Africa (EMEA) – EMEA continues to be beset by Basic Web Application Attacks, System Intrusion, and Social Engineering.
  • Northern America (NA) – NA is often the target of Financially motivated actors searching for money or easily monetizable data. Social Engineering, Hacking and Malware continue to be the favored tools utilized by actors in this region.

Alex Pinto, Lead Author of the DBIR, comments, “When you read the contents of the report, it is tempting to think that a vast array of threats demands a sweeping and revolutionary solution. However, the reality is far more straightforward. The truth is that, whilst organizations should prepare to deal with exceptional circumstances, the foundation of their defences should be built on strong fundamentals – addressing and mitigating the threats most pertinent to them.”

About the DBIR

The 2021 DBIR – its 14th edition – analyzed 29,207 security incidents, of which 5,258 were confirmed breaches (a significant increase on the 3,950 breaches analyzed in last year’s report. Data collected from 83 contributors, with victims spanning 88 countries; 12 industries, and 3 world regions.

The complete 2021 Data Breach Investigations Report as well as Executive Summary is available on the DBIR resource page.

Join us – virtual event: Cybercrime and the pandemic – May 13 at 8amET
Join our virtual fireside chat with Nasrin Rezai (Chief Information Security Officer, Verizon), Sampath Sowmyanarayan (Chief Revenue Officer, Verizon) and Chris Novak (Director Professional Services, Verizon) as they discuss the security challenges heightened by the pandemic and the cybercrime trends that will continue to shape business security. No registration is required, click here at 8amET on May 13 to join.

Visit the DBIR landing page for a comprehensive list of all our DBIR webinars and events.

Verizon Communications Inc. (NYSE, Nasdaq: VZ) was formed on June 30, 2000 and is one of the world’s leading providers of technology, communications, information and entertainment products and services. Headquartered in New York City and with a presence around the world, Verizon generated revenues of $128.3 billion in 2020. The company offers data, video and voice services and solutions on its award-winning networks and platforms, delivering on customers’ demand for mobility, reliable network connectivity, security and control.

VERIZON’S ONLINE MEDIA CENTER: News releases, stories, media contacts and other resources are available at verizon.com/news. News releases are also available through an RSS feed. To subscribe, visit www.verizon.com/about/rss-feeds/.

Media contact:
Timo Burbidge
timo.burbidge@uk.verizon.com

 

Disclaimer & Cookie Notice

Welcome to GOLDEA services for Professionals

Before you continue, please confirm the following:

Professional advisers only

I am a professional adviser and would like to visit the GOLDEA CAPITAL for Professionals website.

Important Notice for Investors:

The services and products offered by Goldalea Capital Ltd. are intended exclusively for professional market participants as defined by applicable laws and regulations. This typically includes institutional investors, qualified investors, and high-net-worth individuals who have sufficient knowledge, experience, resources, and independence to assess the risks of trading on their own.

No Investment Advice:

The information, analyses, and market data provided are for general information purposes only and do not constitute individual investment advice. They should not be construed as a basis for investment decisions and do not take into account the specific investment objectives, financial situation, or individual needs of any recipient.

High Risks:

Trading in financial instruments is associated with significant risks and may result in the complete loss of the invested capital. Goldalea Capital Ltd. accepts no liability for losses incurred as a result of the use of the information provided or the execution of transactions.

Sole Responsibility:

The decision to invest or not to invest is solely the responsibility of the investor. Investors should obtain comprehensive information about the risks involved before making any investment decision and, if necessary, seek independent advice.

No Guarantees:

Goldalea Capital Ltd. makes no warranties or representations as to the accuracy, completeness, or timeliness of the information provided. Markets are subject to constant change, and past performance is not a reliable indicator of future results.

Regional Restrictions:

The services offered by Goldalea Capital Ltd. may not be available to all persons or in all countries. It is the responsibility of the investor to ensure that they are authorized to use the services offered.

Please note: This disclaimer is for general information purposes only and does not replace individual legal or tax advice.