Expert Responses on Verizon DBiR Findings

Verizon has released its Data Breach Investigation Report (DBiR) for the year 2021. With 29,207 quality incidents analysed, of which 5,258 were confirmed breaches, the DBiR provides a comprehensive snapshot of the state of cybersecurity globally. Among the key stats were an 11% increase in phishing attacks, a 6% increase in ransomware, and the finding that a staggering 85% of breaches involved a human element.

Eoin Keary, CEO and Cofounder
InfoSec Expert
May 13, 2021 11:11 am

With the DBiR report, the team at Verizon provide an invaluable service to the security community across the globe, and we are delighted to have been part of the effort for the third year running.

While it’s hard to establish causality, the data in the report confirms the impression that attackers certainly aren’t hindered in their efforts by global crises and are ready to opportunistically exploit any gap in the fence to pursue their objectives. For this reason, it is ever more important for the cybersecurity industry to come together and join forces to fight the challenges facing organisations today.

Dan Conrad, Field Strategist
InfoSec Expert
May 13, 2021 11:13 am

The last year has been an interesting transition for the concept of cybersecurity and, based on this information, protecting the identity and credentials of people and systems is now spotlighted.

“85 percent of breaches involved a human element” – again, Identity is the security perimeter. We MUST find ways to protect us from ourselves. With that, I believe there is a shift in the mindset of the employee and consumer where they are starting to appreciate the protection of their own credentials. If we can protect our enterprises from our employees by simply embracing enhanced authentication (a.k.a. multifactor) then we are taking the right steps to protect our enterprises and adjusting the mindset of the user. In the new world of remote workers accessing everything from everywhere, anytime, ensuring they are who they say they are is critical.

This concept applies to the 11% uptick in phishing attacks. These attacks are specifically trying to get credentials, particularly usernames and passwords. So if we protect enterprises with MFA, the consequences of a user providing their credentials to a malicious actor are much less relevant. All of these concepts are actionable and provide direct results. Given, measuring the number of times your data wasn’t compromised is difficult.

Sam Curry, Chief Security Officer
InfoSec Expert
May 13, 2021 11:15 am

The Internet is growing, usage by even longtime users is growing, business online is growing, so it’s not a shock at all that the dark side of the Internet is growing too. No one should be surprised by this. But there are two remarkable things to pick out of the noise. First, that the dark side is growing faster and getting better at their craft than the light side. In other words, asymmetry in cyber conflict is more and more favouring attackers as they hone their skills and tools. Second, that some forms of attack are in hyper-growth with two standouts: ransomware and supply chain attacks. These trends aren’t going to slow, so it demands that businesses really bridge the security-business divide and take the right steps to ensure future safety and growth. There are ways to prepare now, to get prevention in place, to enable a detection strategy, and to develop resilience and recovery in peacetime. Companies can reduce the likelihood and the impact of attacks to acceptable levels and must do so if they hope to compete in the remainder of the 21st century.

Tom Garrubba, Senior Director and CISO
InfoSec Expert
May 14, 2021 10:59 am

This report continues to provide eye-opening details of the perilous world organizations must operate in and it appears to be getting worse. As we all see a flood of breaches soaking various industries, organizations need to realize the importance of preparation and practice against such cyber threats. You, your vendors, and your supply chain, must make every attempt to ensure you possess a cyber “A-game” and review the efficacy of critical cyber processes such as access assignments, monitoring, and log reviews constantly to identify vulnerabilities. Whether it is an outside or an inside threat, the tide of cyber attacks is not receding and it may soon be your time to sink or swim.

Baber Amin, COO
InfoSec Expert
May 14, 2021 11:02 am

There were 3.3 Billion malicious login attempts. Think about that. World population is 7.6B, 61% of breaches involved credential data. This is why we and other experts urge organizations to use passwordless authentication.

You cannot attack, steal, reuse, share, write down or divulge, something you don’t have. No password means no phishing, no credential stuffing, and no human error from forgotten passwords, shared passwords, reused passwords or weak passwords.

This report underscores that context aware multi factor authentication that is risk aware, and minimized human error needs to be adopted and deployed broadly. These findings show why we urge organizations to implement intelligent passwordless authentication that is all inclusive with the largest possible support for authenticators.

More remote workers, more applications in the cloud, more business logic available via API, more distractions, more accounts all lead to credential overload and cognitive overload. This credential overload causes humans to make mistakes, whether they are clicking on phish bait, or reusing credentials, or sharing sensitive information via open channels. As an industry, we need to help reduce the cognitive overload that comes from multiple credentials and multiple accounts.

A lot of the attacks mentioned also interlink. E.g. a phishing email can lead to credential exposure, to credential stuffing, to malware installation, and then to ransomware. Credentials are the pivot point of the problem.

James McQuiggan, Security Awareness Advocate
InfoSec Expert
May 14, 2021 2:30 pm

"Phishing is responsible for the vast majority of breaches in this pattern, with cloud-based email servers being a target of choice." – VDBIR 2021

For the past several years, this report has repeatedly shown that phishing or other social engineering is the initial attack vector for the breach. Cybercriminals are evolving their social engineering attacks through creative means. Whether it’s a password reset to a social media account, or having kits that can automatically insert the logo of the target company, or even misinformation about the gas shortage and where to find gas have caused people to fall for the phishing lures of curiosity, fear, or greed.

Organizations will need to continue to take the necessary steps to increase security awareness training. Still, the gap between awareness and action to protect the organization is the next step of improving the organization’s security culture and having cybersecurity on the mind of all users.

Mark Bower, Senior Vice President
InfoSec Expert
May 14, 2021 2:42 pm

The numbers don’t lie – 83% of breaches in the financial and insurance sector involved personal data, more than any other sector. With regulatory changes oriented around fresh data privacy requirements and pending NACHA compliance enforcement over payment and personal data, modern data privacy compliance has to be a top agenda item as the sector continues its cloud-transformation journey, collecting more powerful yet regulated data than ever in the process.

Chris Clements, VP
InfoSec Expert
May 14, 2021 2:44 pm

Phishing continues to be a potent weapon for cybercriminals to breach their victims. It’s a numbers game in which attackers can send thousands of emails varying their approach to bypass phishing filters. It’s only a matter of time before some get through to end users’ mailboxes and fool them into divulging account credentials or opening a malicious attachment.

Ransomware continues to be a pervasive scourge on organizations of all verticals. The meteoric rise of cryptocurrency has effectively, if inadvertently, monetized every network in the world for cybercriminals. Their continued success in extorting victims across the globe has provided these criminal operations with budgets that are larger than most of the organizations they target. These budgets allow them to acquire talented hackers as well as custom zero-day exploits that make them incredibly successful in quickly compromising entire computer networks. With these resources, often all that is necessary for these attackers to succeed is for a single successful phishing email to land or acquiring one compromised account password.

Cloud environments are popular new vectors for attack as organizations rush to take advantage of nearly limitless scalability, however, they can also expose massive amounts of data if administrators do not understand the ins and outs of the particular cloud platform or are moving what was previously protected by their on-premises network firewall to the publicly accessible cloud.

To remain secure in today’s threat landscape organizations must adopt a culture of security, starting with the awareness that every business is actively targeted by cybercriminals on a daily basis and that absent this cultural approach can suffer potentially catastrophic damages stemming from loss of operations, data theft, ransomware, and reputational harm. This cultural process starts with education and awareness initiatives targeted at all personnel roles from executive leadership to line of business employees to understand their role in protecting the organization. Further, adoption of security hardening best practices, ongoing monitoring for suspicious behavior, and regular testing to ensure that no gaps have been missed are critical for surviving modern threat actors.

Niamh Muldoon, Senior Director of Trust and Security EMEA
InfoSec Expert
May 18, 2021 11:43 am

The Verizon DBIR report has reinforced what most of us already know. That is, cyber threats are growing in frequency, particularly as most of us are working remotely. We cannot forget though, the people and teams working hard every day to protect our businesses which are already under significant financial pressures in today’s tough economic environment. Indeed, our recent IAMokay Mental Health Survey, which included 250 tech leaders across the globe, revealed that more than 77% of respondents believed the pandemic has increased their work-related stress. When asked about their workload, 86% of respondents reported their workload increased during the pandemic. The stress that our security teams bear should not be neglected. All organisations must ensure they are looking out for the mental health and wellbeing of these teams if they hope to effectively defend themselves from bad actors. One critical step organisations can take to prevent breaches as well as reduce stress and strain on security operations teams is to streamline access control.
