Expert Responses on Verizon DBIR Findings

Verizon has released its Data Breach Investigations Report (DBIR) for 2021. With 29,207 quality incidents analysed, of which 5,258 were confirmed breaches, the DBIR provides a comprehensive snapshot of the state of cybersecurity globally. Among the key statistics were an 11% increase in phishing attacks, a 6% increase in ransomware, and the finding that 85% of breaches involved a human element.

Niamh Muldoon, Senior Director of Trust and Security EMEA
InfoSec Expert
May 18, 2021 11:43 am

The Verizon DBIR report has reinforced what most of us already know: cyber threats are growing in frequency, particularly as most of us are working remotely. We cannot forget, though, the people and teams working hard every day to protect our businesses, which are already under significant financial pressure in today's tough economic environment. Indeed, our recent IAMokay Mental Health Survey, which included 250 tech leaders across the globe, revealed that more than 77% of respondents believed the pandemic has increased their work-related stress. When asked about their workload, 86% of respondents reported that their workload increased during the pandemic. The stress that our security teams bear should not be neglected. All organisations must ensure they are looking out for the mental health and wellbeing of these teams if they hope to defend themselves effectively from bad actors. One critical step organisations can take to prevent breaches, as well as to reduce stress and strain on security operations teams, is to streamline access control.

Chris Clements, VP
InfoSec Expert
May 14, 2021 2:44 pm

Phishing continues to be a potent weapon for cybercriminals to breach their victims. It's a numbers game in which attackers can send thousands of emails, varying their approach to bypass phishing filters. It's only a matter of time before some get through to end users' mailboxes and fool them into divulging account credentials or opening a malicious attachment.

Ransomware continues to be a pervasive scourge on organizations in all verticals. The meteoric rise of cryptocurrency has effectively, if inadvertently, monetized every network in the world for cybercriminals. Their continued success in extorting victims across the globe has provided these criminal operations with budgets that are larger than those of most of the organizations they target. These budgets allow them to acquire talented hackers as well as custom zero-day exploits that make them incredibly successful in quickly compromising entire computer networks. With these resources, often all that is necessary for these attackers to succeed is for a single phishing email to land or for one compromised account password to be acquired.

Cloud environments are popular new vectors for attack as organizations rush to take advantage of nearly limitless scalability; however, they can also expose massive amounts of data if administrators do not understand the ins and outs of the particular cloud platform, or are moving what was previously protected by their on-premises network firewall to the publicly accessible cloud.

To remain secure in today's threat landscape, organizations must adopt a culture of security, starting with the awareness that every business is actively targeted by cybercriminals on a daily basis and that, absent this cultural approach, they can suffer potentially catastrophic damage stemming from loss of operations, data theft, ransomware, and reputational harm. This cultural process starts with education and awareness initiatives targeted at all personnel roles, from executive leadership to line-of-business employees, so that everyone understands their role in protecting the organization. Further, adoption of security hardening best practices, ongoing monitoring for suspicious behavior, and regular testing to ensure that no gaps have been missed are critical for surviving modern threat actors.

Mark Bower, Senior Vice President
InfoSec Expert
May 14, 2021 2:42 pm

The numbers don't lie: 83% of breaches in the financial and insurance sector involved personal data, more than in any other sector. With regulatory changes oriented around fresh data privacy requirements and pending NACHA compliance enforcement over payment and personal data, modern data privacy compliance has to be a top agenda item as the sector continues its cloud-transformation journey, collecting more powerful yet regulated data than ever in the process.

James McQuiggan, Security Awareness Advocate
InfoSec Expert
May 14, 2021 2:30 pm

<p>\"Phishing is responsible for the vast majority of breaches in this pattern, with cloud-based email servers being a target of choice.\" – VDBIR 2021<br /><br /></p> <p>For the past several years, this report has repeatedly shown that phishing or other social engineering is the initial attack vector for the breach. Cybercriminals are evolving their social engineering attacks through creative means. Whether it\’s a password reset to a social media account, or having kits that can automatically insert the logo of the target company, or even misinformation about the gas shortage and where to find gas have caused people to fall for the phishing lures of curiosity, fear, or greed.</p> <p><br /><br />Organizations will need to continue to take the necessary steps to increase security awareness training. Still, the gap between awareness and action to protect the organization is the next step of improving the organization\’s security culture and having cybersecurity on the mind of all users.</p>

Baber Amin, COO
InfoSec Expert
May 14, 2021 11:02 am

There were 3.3 billion malicious login attempts. Think about that. World population is 7.6 billion, and 61% of breaches involved credential data. This is why we and other experts urge organizations to use passwordless authentication.

You cannot attack, steal, reuse, share, write down or divulge something you don't have. No password means no phishing, no credential stuffing, and no human error from forgotten passwords, shared passwords, reused passwords or weak passwords.

This report underscores that context-aware multi-factor authentication, which is risk aware and minimizes human error, needs to be adopted and deployed broadly. These findings show why we urge organizations to implement intelligent passwordless authentication that is all inclusive, with the largest possible support for authenticators.

More remote workers, more applications in the cloud, more business logic available via API, more distractions, and more accounts all lead to credential overload and cognitive overload. This credential overload causes humans to make mistakes, whether they are clicking on phish bait, reusing credentials, or sharing sensitive information via open channels. As an industry, we need to help reduce the cognitive overload that comes from multiple credentials and multiple accounts.

A lot of the attacks mentioned also interlink. For example, a phishing email can lead to credential exposure, to credential stuffing, to malware installation, and then to ransomware. Credentials are the pivot point of the problem.
