{"id":3770,"date":"2021-09-03T10:39:28","date_gmt":"2021-09-03T08:39:28","guid":{"rendered":"https:\/\/10guards.com\/?p=3770"},"modified":"2021-09-13T09:43:38","modified_gmt":"2021-09-13T07:43:38","slug":"verizon-the-cyber-vector-for-companies-is-set","status":"publish","type":"post","link":"https:\/\/10guards.com\/it\/blog\/2021\/09\/03\/verizon-the-cyber-vector-for-companies-is-set\/","title":{"rendered":"Verizon: The Cyber Vector For Companies Is Set"},"content":{"rendered":"

Ci spiace, ma questo articolo \u00e8 disponibile soltanto in en<\/a>, ru<\/a> e ua<\/a>.<\/p>

Throughout 2020 we often heard the word unprecedented, seemingly in excess. Yet, for cybersecurity, it is an apt description of the challenges companies faced as they shifted to a work-from-home culture. These challenges \u2014 with phishing, ransomware, and social engineering as the reigning champions of attack vectors \u2014 are outlined in the 2021 Verizon Data Breach and Investigations Report (DBIR 2021.)<\/p>\n

 <\/p>\n

According to Verizon, \u201cbreaches are moving toward social and webapp vectors, and those are becoming more server based, such as gathering credentials and using them against cloud-based email systems\u201d. \u201cThe DBIR is not in the business of prediction, but it can go a long way to help you shape your response strategy in the face of an uncertain future\u201d, states the report.<\/p>\n

 <\/p>\n

What you need to know: <\/strong><\/span><\/p>\n

 <\/p>\n

Report analyzed 29,207 quality incidents, of which 5,258 were confirmed breaches<\/p>\n

Phishing attacks increased by 11 percent, while attacks using ransomware rose by 6 percent<\/p>\n

85 percent of breaches involved a human element, while over 80 percent of breaches were discovered by external parties.<\/p>\n

 <\/p>\n

Breach simulations found the median financial impact of a breach is $21,659, with 95 percent of incidents falling between $826 and $653,587.<\/p>\n

 <\/p>\n

Key points from Verizon\u2019s data breach report<\/strong><\/span><\/p>\n

 <\/p>\n

    \n
  1. Phishing<\/strong><\/li>\n<\/ol>\n

     <\/p>\n

    The incidence of phishing attacks in data breaches increased 11% more than in the previous year. It went from 25% to 36%.<\/p>\n

     <\/p>\n

    This high variation is related to the pandemic and scams that use COVID-19 to deceive and persuade people. An important point to note is the analysis of at least 150 templates of phishing emails.<\/p>\n

     <\/p>\n

    \u201cPhishing remains one of the top action varieties in breaches and has done so for the past two years\u201d, says the report.<\/p><\/blockquote>\n

     <\/p>\n

    \u201cThis increase correlates with our expectations given the initial rush in phishing and COVID-19-related phishing lures as the worldwide stay-at-home orders went into effect.\u201d<\/p><\/blockquote>\n

     <\/p>\n

      \n
    1. Social engineering<\/strong><\/li>\n<\/ol>\n

       <\/p>\n

      The report also points to an increase in social engineering attacks that result in data breaches: from 22% to almost 35%.<\/p>\n

       <\/p>\n

      \u201cWe\u2019ve definitely seen a jump in social engineering breaches as a pattern from last year with an overall upward trend since 2017. For the past couple of years, it appears to be correlated to an uptick in the compromise of cloud-based mail servers. What we cannot say is why email is so enticing to threat actors\u201d.<\/p><\/blockquote>\n

       <\/p>\n

      Verizon says that the most common forms of social engineering are phishing, BEC (Business Email Compromise), and spam. These scams are mostly propagated via malicious emails.<\/p>\n

       <\/p>\n

      \u201cBEC were the second most common form of social engineering. This attack scenario reflects the meteoric rise of misrepresentation, which was 15 times higher than last year in social incidents.\u201d<\/p><\/blockquote>\n

       <\/p>\n

      Verizon also claims that social engineering and phishing attacks are widely used to steal credentials and spread malware, such as C2, backdoor, trojan, and ransomware.<\/p>\n

       <\/p>\n

      \u201cThe majority of social engineering incidents were discovered externally. (\u2026) This means that when employees are falling for the bait, they don\u2019t realize they\u2019ve been hooked\u201d.<\/p><\/blockquote>\n

       <\/p>\n

        \n
      1. Most common types of compromised data<\/strong><\/li>\n<\/ol>\n

         <\/p>\n

        As in previous years, credentials remain at the top of the list as the type of data most compromised by cybercriminals. By hacking credentials, criminals have access to systems and sensitive information.<\/p>\n

         <\/p>\n

        In addition to credentials, personal data is another type of data that is highly targeted by cybercriminals. This kind of information is then sold on the dark web or even used in other types of fraud.<\/p>\n

         <\/p>\n

        Check the list with the most compromised data in breaches:<\/p>\n

         <\/p>\n