Majority of cyber crime found to be financially motivated
Financial gain remains the key driver for cyber crime with nearly nine in 10 breaches motivated by money, Verizon has found.
In its 2020 Data Breach Investigations Report (DBIR), the American telco found that the vast majority of breaches continue to be caused by external parties (70 per cent), with organised crime accounting for 55 per cent of these.
Credential theft and social attacks such as phishing and business email compromises cause the majority of breaches (over 67 per cent). Of this, 37 per cent of attacks were made through credential theft breaches using stolen or weak credentials, 25 per cent involved phishing, and human error accounted for 22 per cent.
Phishing attacks are typically carried out by email spoofing or instant messaging and often involve directing users to enter personal information on a fake website, which matches the look and feel of a legitimate site.
The 2020 DBIR also highlighted a year-over-year doubling in web application breaches, to 43 per cent, and stolen credentials were used in over 80 per cent of these cases, something Verizon said was “worrying” as businesses increasingly shift their workflows over to the cloud.
Ransomware also saw a slight increase, found in 27 per cent of malware incidents compared to 24 per cent in 2019.
“As remote-working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount,” said Tami Erwin, CEO of Verizon Business. “In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious.”
The report comes as hacking activity against corporations in the US and other countries has more than doubled since the start of the lockdown as cyber criminals exploit security weaknesses in hastily drawn-up work-from-home policies.
The growing number of small and medium-sized businesses using cloud- and web-based applications and tools has made them prime targets for cyber attackers, Verizon said.
The motivation behind cyber attacks also differed depending on the region.
For example, while financially motivated breaches accounted for 91 per cent of cases in the US, it’s just 70 per cent in Europe, Middle East and Africa, and 63 per cent in Asia Pacific.
The report’s lead author Alex Pinto said: “Security headlines often talk about spying, or grudge attacks, as a key driver for cyber-crime – our data shows that is not the case.
“Financial gain continues to drive organised crime to exploit system vulnerabilities or human error. The good news is that there is a lot that organisations can do to protect themselves, including the ability to track common patterns within cyber-attack journeys – a security game-changer – that puts control back into the hands of organisations around the globe.”
Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.