With a growing number of people who in the year of the pandemic they work remotely, Phishing and ransomware attacks increased by 11% and 6% respectively, with cases of misrepresentation growing 15 times over last year. In addition, data on breaches showed that 61% of these involved credentials (during the year, 95% of organizations that experienced similar attacks had between 637 and 3.3 billion fraudulent login attempts). This is the picture outlined by the 2021 edition of the Verizon Business Data Breach Investigations Report (Dbir 2021) just released. “The Covid-19 pandemic has had a profound impact on many of the cybersecurity challenges organizations are currently facing,” said Tami Erwin, CEO of Verizon Business.
The report analyzes “more breaches than in the past” and shows how “the most common forms of cyber attacks impacted global security during the pandemic”. This year’s report looked at 5,258 violations reported by 83 companies who collaborated on the report worldwide, one third more than those analyzed last year. And even SMEs are increasingly targeted by hackers. “The gap between violations that affect large companies and those that see small and medium-sized enterprises as victims is increasingly narrowing. If last year the violations to the detriment of SMEs were less than half of those suffered by large companies, the Dbir 2021 records a ratio of 100 to 87 ” Phillip Larbey, Managing Principal of Verizon Business, points out to Adnkronos.
“Even the types of attacks – Larbey underlines – must be uniform: both for SMEs and for large companies, over 70% of the breaches were caused by intrusions into the security system, errors of various kinds and attacks on web applications. A panorama that therefore highlights the increasing attractiveness of SMEs for hackers and that demonstrates how, even in countries like Italy whose economic fabric is based on small and medium-sized businesses, one cannot sleep peacefully, but we must continue to invest in the continuous updating of cybersecurity systems, but above all in the IT skills of the resources “.
Verizon’s 2021 report also highlighted the challenges businesses face when transfer most of their business functions to the cloud, since the web application attacks account for 39% of the total violations. “As more companies move essential business functions to the cloud, the potential threats to their operations could become more concrete, as attackers seek to exploit human vulnerabilities and increased dependence on digital infrastructures” highlights the CEO of Verizon Business, Tami Erwin.
Dbir 2021 also includes a detailed analysis of 12 sectors and exhibition that, although safety remains a priority challenge for everyone, they do exist significant differences between the various verticals. For example, in the financial and insurance sector, 83% of data compromised in the event of a breach is personal, while only 49% in the professional, scientific and technical services sector. In particular, in the Finance and insurance misdelivery errors represent 55% of the total. The financial sector often faces attacks aimed at obtaining credentials and ransomware by external actors.
In Healthcare, however, as has happened in recent years, the banal human error continues to characterize this sector, in particular misdelivery (36%), be it electronic or relating to paper documents. Furthermore in the public administration by far the greatest threat in this is social engineering. Hackers who can create a credible phishing email disappear with the credential data at alarming speed, Verizon analysts point out. Finally, many of the violations that have taken place in the Asia Pacific area, center the area
Europe, the Middle East and Africa (EMEA) continues to be affected by web application attacks, social engineering and security intrusions, and North America is often the target of financially motivated criminals.