A record number of breaches were analyzed in the Verizon 2021 Data Breach Investigations Report, with cybercrime thriving during the COVID-19 pandemic.
The study looked at a total of 29,207 security incidents from 83 contributors across the globe, of which 5,258 were confirmed breaches. This represented a substantial rise compared to last year’s report, in which there were 3,950 breaches identified.
There was a significant increase across a number of different attack vectors, which the researchers believe was fueled by the shift to home working as a result of COVID-19. Phishing and ransomware attacks went up by 11% and 6%, respectively, while instances of misrepresentation increased 15-fold compared to the previous year.
Well over half (61%) of the breaches analyzed involved credential data, and, in total, 85% of breaches involved a human element, according to the report.
Additionally, it was found that the rapid shift to the cloud during the crisis was heavily exploited by cyber-criminals, with attacks on web applications making up 39% of all breaches.
The report also noted significant variation in the way different industries were affected by cyber-attacks. For example, 83% of data compromised in breaches in the financial and insurance industries was personal information, while for professional, scientific, and technical services under half (49%) was of a personal nature.
Tami Erwin, CEO of Verizon Business, outlined: “The COVID-19 pandemic has had a profound impact on many of the security challenges organizations are currently facing. As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures.”
Commenting on the findings, Eoin Keary, CEO and founder, Edgescan, said: “While it’s hard to establish causality, the data in the report confirms the impression that attackers certainly aren’t hindered in their efforts by global crises and are ready to opportunistically exploit any gap in the fence to pursue their objectives. For this reason, it is ever more important for the cybersecurity industry to come together and join forces to fight the challenges facing organizations today.”
Dan Conrad, IAM strategist, One Identity, said the report emphasized the growing importance of protecting credentials to secure organizations: “85% of breaches involved a human element—again, Identity is the security perimeter. We MUST find ways to protect us from ourselves,” he stated. “With that, I believe there is a shift in the mindset of the employee and consumer where they are starting to appreciate the protection of their own credentials. If we can protect our enterprises from our employees by simply embracing enhanced authentication (a.k.a. multifactor) then we are taking the right steps to protect our enterprises and adjusting the mindset of the user. In the new world of remote workers accessing everything from everywhere, anytime, ensuring they are who they say they are is critical.”