Verizon released its 2020 Data Breach Investigations report on Tuesday, outlining the biggest cybersecurity threats hitting the enterprise and providing tips on how to handle the risks. The majority (86%) of data breaches are for financial gain—up from 71% in 2019, the annual report found. 

SEE: Security Awareness and Training policy (TechRepublic Premium)

“When we started it 13 years ago, [the report] was designed to be a means of sharing information of what we’re seeing out of the field,” said John Loveland, global head of cybersecurity strategy and marketing at Verizon. 

“The first report consisted of an analysis of the specific breaches that Verizon worked on and helped our customers with,” Loveland said. “But it’s become this means of information sharing with the goal around using data to make better decisions about cybersecurity spending and resource allocation.” 

Cybersecurity has become even more important with the coronavirus ushering in this new era of remote work, Loveland noted. 

“With increasingly more remote workers, you’re not likely to have the same cyber defenses around the remote working environment that you would have with those customers in the office,” Loveland said. “You’ve got more usage of cloud-based applications to support the remote workers, and with that comes new cyber security challenges and areas of vulnerability that need to be addressed.” 

Biggest threats 

“Most of the hacks are not sophisticated; most of them are primarily oriented around financial gain and increasingly these days, it’s around ransomware,” Loveland said. “It’s all about holding the company hostage to extract some monetary gain from that. At the end of the day, it all boils down to money.” 

Ransomware saw a slight increase in the past year in 27% of malware incidents, compared to 24% in 2019. Some 18% of organizations said they blocked at least one piece of ransomware in the last year, according to the report.

Another threat the enterprise is seeing is the misconfiguration of cloud applications, Loveland said. 

“We’re seeing an awful lot of misconfiguration of cloud applications that actually makes the data that’s housed in these cloud applications more susceptible to theft,” Loveland said. “You see both insider and external actors continuing to play a very dominant role is who is behind the attack.”

The majority of breaches (70%), however, are caused by external actors, with organized crime accounting for more than half (55%) of them. Credential theft and social attacks including phishing and business email compromises caused more than 67% of breaches. 

Some 37% of credential theft breaches used stolen or weak credentials; 25% involved phishing attacks; and human error accounted for 22%, according to the report. 

The report also found a year-over-year twofold increase in web application breaches. More than 80% of the cases used stolen credentials, which is worrisome as more workflows continue moving to the cloud, the report found. 

“The whole corona crisis is really just another straw on the camel’s back,” Loveland said. “The need for cybersecurity the last several years has been brought to the floor both for big companies and small companies alike.” 

While large companies may be featured in the news more for high-profile breaches, smaller businesses are by no means immune, especially with the growing number of small and midsize businesses using cloud- and web-based applications, Loveland said.

Phishing is the biggest threat for small organizations, making up more than 30% of breaches. Other threats included the use of stolen credentials (27%) and password dumpers (16%), the report found.  

For credentials, attackers mainly target personal data and internal business-related data including medical records, internal secrets, and payment information. More than 20% of attacks were against web applications, involving stolen credentials, according to the report.

Industries and regions under fire 

Industries across the enterprise including manufacturing, retail, finance, education, healthcare, and the public sector all face growing cybersecurity concerns. 

“Criminals are going to go the path of least resistance, where they feel like there’s been less focus from a cybersecurity perspective,” Loveland said. “You’re going to see a higher number of breaches in those areas.” 

In retail, nearly all (99%) of incidents were financially motivated, with payment data and personal credentials being the main focus. While in finance, for example, most breaches were caused by web application attacks, driven by external actors using stolen credentials to obtain sensitive data in the cloud. 

The attacks by industry vary on the easiest ways information can be gathered in that sector, the report found. 

North America mainly saw attacks via stolen credentials, accounting for more than 79% of hacking breaches. In Europe, the Middle East, and Africa, denial of service (DoS) attacks accounted for more than 80% of malware incidents. And in the Asia Pacific, 63% of breaches were motivated by money, according to the report. 

How to stay protected

The report suggested organizations and individuals stay protected via continuous vulnerability management, secure configurations, email and web browser protections, limitation and control of network ports, account monitoring, and security awareness training. 

An area that Loveland emphasized was patching and patch management: “This is all about making sure that the software and systems are appropriately updated, so it’s protected against certain threats. And that your malware defenses are appropriately updated with signatures.” 

Loveland also suggested companies do their best to support a cyber aware culture around the protection of user information and the prevention of phishing emails. He also recommended integrating an advanced multifactor identification technology that makes it more difficult for cybercriminals to access sensitive information. 

For more, check out Cybersecurity: Half of businesses have had remote working security scares on TechRepublic. 

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays

Sign up today

Also see