Verizon recently released its 2021 Data Breach Investigations Report (DBIR). Now in its 14th edition, the report is seen as a trusted and respected resource in cybersecurity for its annual reporting and analysis of incidents and breaches. The complete 2021 DBIR and an executive summary are available on Verizon's DBIR resource page.
The report analyzed 79,635 incidents from 88 countries. Over 29,000 met the report’s quality standards and 5,258 were confirmed data breaches. On page 4, the report explains who a threat actor is and what tactics and actions are referenced throughout the report. It also distinguishes between incidents and breaches and provides the following definitions. An incident is defined as a security event that compromises the integrity, confidentiality or availability of an information asset. A breach is an incident that results in the confirmed disclosure--not just potential exposure--of data to an unauthorized party. (page 4)
A summary of the findings shows that denial of service attacks topped the incidents experienced and social engineering tactics resulted in the most data breaches. (page 7)
- 85 percent of breaches involved a human element (top two: phishing & stolen credentials).
- 61 percent of breaches involved credentials.
- 13 percent of non-DoS incidents involved ransomware.
- Three percent of breaches involved vulnerability exploitation.
- The costs of these incidents resulted in deficits ranging from $69 to well over $1.5 million.
Phishing remains one of the top activities. This attack style is present in 36 percent of the breaches (up from 25 percent last year). There was also a major change this year with the increase in ransomware, which more than doubled its frequency from last year. (page 16)
Industry Analysis from the Verizon 2021 Data Breach Investigations Report
Education Services (pages 73 - 74) – This sector is assailed by financially motivated actors looking to gain access to the data and systems of the people who are just trying to get through the school day.
- Frequency: 1,332 incidents, 344 with confirmed data disclosure.
- Top Patterns: Social Engineering, Miscellaneous Errors and System Intrusion represent 86% of breaches.
- Threat Actors: External (80%), Internal (20%), Multiple (1%) (breaches).
- Actor Motives: Financial (96%), Espionage (3%), Fun (1%), Convenience (1%), Grudge (1%) (breaches).
Healthcare (page 76) – Basic human error continues to beset this industry as it has for the past several years. The most common error continues to be Misdelivery (36%), whether electronic or paper documents. Malicious Internal actions, however, have dropped from the top three for the second year in a row. Financially motivated organized criminal groups continue to target this sector, with the deployment of Ransomware being a favored tactic.
- Frequency: 655 incidents, 472 with confirmed data disclosure.
- Top Patterns: Miscellaneous Errors, Basic Web Application Attacks and System Intrusion represent 86% of breaches.
- Threat Actors: External (61%), Internal (39%) (breaches).
- Actor Motives: Financial (91%), Fun (5%), Espionage (4%), Grudge (1%) (breaches).
Public Administration (pages 84 - 85) – By far the biggest threat in this industry is the social engineer. Actors who can craft a credible phishing email are absconding with credentials at an alarming rate in this sector.
- Frequency: 3,236 incidents, 885 with confirmed data disclosure.
- Top Patterns: Social Engineering, Miscellaneous Errors and System Intrusion represent 92% of breaches.
- Threat Actors: External (83%), Internal (17%) (breaches).
- Actor Motives: Financial (96%), Espionage (4%) (breaches).
Other Key Pages
Page 6: Introduction
Page 7: Summary of findings
Pages 35-40: Denial of service - 14,335 incidents, 4 confirmed data disclosure
Pages 41-42: Lost and stolen assets - 1,295 incidents, 84 confirmed data disclosure
Pages 43-45: Miscellaneous errors - 919 incidents, 896 confirmed data disclosure
Pages 46-48: Privilege misuse - 265 incidents, 222 confirmed data disclosure
Pages 49-52: Social engineering - 3,841 incidents, 1,767 confirmed data disclosure
Pages 54-57: System intrusion - 3,710 incidents, 966 confirmed data disclosure
Pages 58-61: Basic web application attacks - 4,862 incidents, 1,384 confirmed data disclosure
Pages 62-63: Everything else - 129 incidents, 38 confirmed data disclosure
Pages 65-68: Industry highlights