Verizon report finds 85% of data breaches in 2020 involved human interaction

A report by Verizon has found that over 85% of data attacks in 2020 involved some form of human interaction.

The report, titled 2021 Data Breach Investigations Report (DBIR), found that cases of phishing, web application and ransomware attacks all climbed during 2020 – a sign that hackers took advantage of the fact that more people were working from home due to the Covid-19 pandemic.

The DBIR analysed 29,207 incidents of which 5,258 were confirmed breaches. This is one-third more compared to the same report last year.

According to the report, the median financial impact of a breach in 2020 was $21,659 – with 95% of cases ranging between $826 and $653,587. 95% of computer data breaches led to losses of between $148 and $1.6m, with a median loss of $30,000.

The median amount lost to ransomware was $11,150, and in 95% of the attacks that cost victims, losses ranged from $70 to $1.2 million. Ransomware attacks and phishing attacks increased by 6% and 11%, respectively.

Phishing attacks climbed considerably during 2020, appearing in 36% of data breach cases – up from 25% the year prior. Data from the report showed that the attack types which declined over the year were misdelivery (-6%), dumper (-6%), privilege abuse (-5%), theft (-2%), vulnerability exploits (-2%), misconfiguration (-2%) and data mishandling (-2%).

Verizon senior information security data scientist and co-author of the report Gabe Bassett noted the 2021 report highlighted a ‘continued shift for the attackers towards the most efficient attacks and methods of monetisation’ – stating breaches were moving away from complexity towards simplicity.

The report stated that most attackers were external and financially motivated, with organised crime the top attacker category. Meanwhile, the overall percentage of attacks with a secondary motive – such as leveraging a victim’s access or assets to launch more attacks – decreased.

More than 60% of breaches included credential data, while 95% of organisations that experienced credential stuffing attacks had between 637 and 3.3 billion malicious login attempts through 2020.

Only just trailing phishing as the most common form of social engineering was business email compromise (BEC), which has now doubled for two years in a row. Of the 58% of BEC attacks that were able to steal money, the median loss totalled $30,000, with 95% of BECs costing between $250 and $984,855.

Meanwhile, attacks on web applications made up 39% of all breaches in 2020, while nearly all (96%) mail servers that were compromised in these attacks were cloud-based.

Copyright © 2021 RegTech Analyst
