Verizon’s 2021 Data Breach Report: Same, Same, but Different
Verizon just released its 14th edition of the Verizon Data Breach Incident Report (DBIR) covering 2020’s foray into cybersecurity. Most of the top incident threats mirror last year’s report, with an increase in phishing, ransomware and credential theft in the wake of the worldwide pandemic and organizations’ rapid adoption of remote work. It’s fair to say that 2020 was impossible to predict, but it had a significant impact. With the move to remote work came an increase in malware and social engineering attacks that exploited general communications like emails.
The DBIR analyzed 29,207 security incidents with 5,258 confirmed breaches, up a third from last year’s report. Verizon collected data from 88 countries, 12 industries, three world regions and 83 contributors. This year’s report states, “phishing and ransomware attacks increased by 11% and 6% respectively, with instances of Misrepresentation increasing by 15 times compared to last year. Additionally, breach data showed that 61% of breaches involved credential data (95% of organizations suffering credential stuffing attacks had between 637 and 3.3 billion malicious login attempts through the year).”
The DBIR Numbers at a Glance
Report analyzes 29,207 quality incidents, 5,258 of which were confirmed breaches
Phishing attacks increased by 11%, while attacks using ransomware rose by 6%
85% of breaches involved a human element
61% of breaches involved credentials
Ransomware appeared in 10% of breaches, double the previous year.
Compromised external cloud assets were more common than on-premises assets in incidents and breaches.
Breach simulations found the median financial impact of a breach is $21,659, with 95% of incidents falling between $826 and $653,587
“As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures” —Tami Erwin, Executive Vice President and CEO, Verizon Business
Phishing, Ransomware and Malware Up From Last Year
As in previous years, greed and human error continue to drive data breaches. Social engineering and Denial of Service (DoS) attacks remain high.
The DBIR states that phishing, ransomware and web app attacks dominated data breaches in 2020. Throughout the pandemic there was an uptick in phishing campaigns. ZNet reports, “Email scams related to Covid-19 surged 667% in March (2020) alone.” Insights from the report reveal that among 1,148 people who received real and simulated phishes, none of them clicked the simulated phish, but 2.5% clicked the real phishing email, reinforcing the need for better phishing simulations and security education training.
“Phishing is responsible for the vast majority of breaches in this pattern, with cloud-based email servers being a target of choice.” — 2021 Verizon DBIR
The federal government had a tough year when it came to data breaches and ransomware attacks. According to the Federal News Network, in the first quarter of 2020, government agencies saw a 278% year-over-year increase in compromised information, totaling more than 17 million records, while institutions were hit with an unprecedented number of ransomware attacks that cost the US government up to $1.4 billion.
After a recent ransomware attack, the White House released an Executive Order (EO) stating, “The Federal Government must adopt security best practices; advance toward Zero Trust Architecture and accelerate movement to secure cloud services... Within 180 days of the date of this order, agencies shall adopt multi-factor authentication and encryption for data at rest and in transit, to the maximum extent consistent with Federal records laws and other applicable laws.”
The DBIR Data Shows:
61% of breaches involved credentials
36% of breaches involved phishing, up from 11% last year
Ransomware appeared in 10% of breaches, double the previous year
85% of breaches involved a human element
Compromised external cloud assets were more common than on-premises assets in incidents and breaches.
Multi-Factor Authentication and Zero Trust Prevent Attacks
According to the DBIR:
“Organizations that neglected to implement multi-factor authentication, along with virtual private networks (VPN), represented a significant percentage of victims targeted during the pandemic. The zero-trust model for access quickly became a fundamental security requirement rather than a future ideal. Nonrepudiation via Personal Identity Verification (PIV), Fast Identity Online (FIDO) or similar solutions became essential in zero-trust architectures. Security postures and principles, such as proper network segmentation, the prevention of lateral movement, least privilege, and “never trust, always verify” have proven to be strong indicators of an organization’s ability to prevent or recover from unauthorized presence in its network environment.”
"The 2021 DBIR report further reinforces that attackers continue to successfully achieve their goals by focusing on social engineering and password compromise. The potential for dramatic industry-wide improvement exists if secure access methodology and solutions are effectively applied, especially robust authenticators such as hardware security keys and emerging passwordless solutions, with policy-driven access controls providing defense-in-depth even if account compromise still occurs." — Josh Yavor, Head of Security, Duo Security
Overall, the 2021 DBIR finds the trends of previous years persisting, with an increase in efforts from bad actors whose top motivation across sectors and geographies is financial gain. With 61% of breaches involving credentials, being prepared and vigilant by leveraging multi-factor authentication and a zero trust strategy sets the foundation for good security hygiene and dramatically reduces the possibility of a breach.
Duo Security, now part of Cisco, is the leading multi-factor authentication (MFA) and secure access provider. Duo comprises a key pillar of Cisco Security’s Zero Trust offering, the most comprehensive approach to securing access for any user, from any device, to any IT application or environment. Duo is a trusted partner to more than 25,000 customers globally, including Facebook, Lyft, University of Michigan, Yelp, Zillow and more. Founded in Ann Arbor, Michigan, Duo also has offices in Austin, Texas; San Francisco, California; and London.