Cybercrime continues to be a threat as remote working grows
As remote working surges in the face of the COVID-19 pandemic, end-to-end security from the cloud to the employee laptop becomes paramount, said Tami Erwin, CEO of Verizon Business.
“In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes becomes increasingly sophisticated and malicious.”
Erwin was speaking at the launch of the Verizon Business 2020 Data Breach Investigations Report (2020 DBIR), which highlighted that financial gain remains the key driver for cybercrime.
Nearly nine in 10 (86%) breaches investigated were financially-driven, with the vast majority of breaches (70%) continuing to be caused by external factors, with organised crimes accounting for 55% of these.
Credential theft and social attacks such as phishing and business email compromises cause the majority of breaches (over 67%), while the 2020 DBIR report also highlighted a year-over-year two-fold increase in web application breaches to 43%.
Stolen credentials were used in over 80% of these cases, which is a “worrying trend”, as business-critical workflows continue to move to the cloud, said Verizon Business.
Ransomware was found in 27% of malware incidents, a slight increase from the 24% reported in the 2019 DBIR. 18% of organisations also reported blocking at least one piece of ransomware in 2019.
Across sectors, 23% of malware incidents involved ransomware for manufacturing, compared to 61% for the public sector and 80% for the education services sector. Errors accounted for 33% of public sector breaches, but only 12% of manufacturing breaches.
The good news, highlighted Alex Pinto, lead author of the 2020 DBIR, is that there is a lot that organisations can do to protect themselves, including the ability to track common patterns with cyberattack journeys.
“[This is] a game changer that puts control back into the hands of organisations around the global,” Pinto added.
Linked to the order of threat actions such as error, malware, physical and hacking, breach pathways can help predict the eventual breach target, enabling attacks to be stopped in their tracks.
Organisations thus, are able to gain a “Defender’s Advantage” and better understand where to focus their security defenses, 2020 DBIR concluded.