Verizon report: cyber incidents, breaches driven by external actors

A majority of data breaches and cyber incidents during 2021—73%—were perpetrated by external actors, according to findings from Verizon’s latest global data breach investigations report. In cyber incidents, denial of service attacks were the most prevalent actions, representing 46% of total incidents, followed by backdoor or C2 malware at 17%. With regard to breaches, the most common types were use of stolen credentials, ransomware, phishing and backdoor or C2 malware.

The study also found that 82% of breaches and cyber incidents overall involved a human element. “Whether it is the use of stolen credentials, phishing, misuse, or simply an error, people continue to play a very large role in incidents and breaches alike,” Verizon noted, adding that “error continues to be a dominant trend and is responsible for 13% of breaches,” and can often be attributed to misconfigured cloud storage.

Turning to the financial services industry in particular (which includes both financial services and insurance firms for the purposes of this report), the survey found that basic web application attacks, system intrusion and miscellaneous errors represented 79% of all breaches or incidents. Driving the increase in basic web application attacks was a specific variety of “server—web application” attacks, which usually involve use of stolen credentials obtained by brute force hacking and credential stuffing. These types of attacks have risen from 12% to 51% from 2016 to today, Verizon noted. The survey also found that with respect to miscellaneous errors, misdelivery was the a common cause of data compromise—where personally identifying information or other sensitive information is delivered to the wrong recipient.

Meanwhile, system intrusion attacks have doubled from 14% of breaches in 2016 to 30%, and Verizon observed an increasing share of these types of attacks being attributable to organized crime. The report noted that ransomware in particular continues to be a high-profit, low-risk tactic in this category, along with denial of service attacks, which account for 58% of security incidents in financial services.