The cybersecurity industry is constantly evolving in the never-ending cycle of hacker versus user. For any readers who are Batman fans, the cybersecurity industry can be compared to this quote from Jim Gordon at the end of Batman Begins.
“We start carrying semi-automatics, they buy automatics. We start wearing Kevlar, they buy armor-piercing rounds.”
It's safe to say the same for the cybersecurity industry as there is a constant need for more defense or tools to combat the ever-evolving hacker. In the past year we saw increases in nearly every form of cyber-attack.
Each year, Verizon releases its “Data Breach Investigations Report”, which details cyber-attacks and incidents reported by companies and individuals surveyed by Verizon. The report covers data breaches all over the world and provides specific data pertaining to certain regions and industries.
It is important to note that the data for this report was collected through surveying, so the total number of cyber-attacks is likely higher than what is stated in the report.
Incident Classification Patterns
System intrusion breaches are more complex in nature because they combine multiple actions. System intrusion attacks can be a combination of social, malware, and hacking breaches. All of these increased this year. These incidents normally come from an external source (98% in 2021) and are almost always financially motivated (93%) (DBIR, 2022, P.25).
The human element accounted for 82% of breaches in 2021. Social attacks reported in 2021 were 100% external and primarily financially motivated (DBIR, 2022, P.33). After social engineering gets its foot in the door, malware gets in and takes over.
Basic Web Application Attacks (BWAA)
There are two types of basic web application attacks. The first is gaining access to a server, whether by using vulnerabilities or stealing credentials. The second is the payload used to keep access. These breaches in 2021 were 100% external. While the other patterns were mostly financially motivated, BWAA motives were a little more dispersed. Financial came in at 65% with espionage in second at 31% (DBIR, 2022, P.36). For Social Engineering and System Intrusion, financial attacks were both in the 90% or higher tier.
Any incident caused by a miscellaneous error would be considered internal. A combined 99% of the data compromised by miscellaneous errors were personal or medical data. Out of 715 miscellaneous error incidents, 708 had confirmed data disclosure (DBIR, 2022, P.39).
Denial of Service
Also known as traffic jams, a denial-of-service attack sends junk data to your device to block you from being able to perform tasks. Out of the 8,456 incidents, only 4 had confirmed data disclosure, and they were 100% external (DBIR, 2022, P.41).
Lost & Stolen Assets
The lost and stolen assets pattern is almost always financially motivated. In 2021, financially motivated incidents made up 98% of the incidents. These incidents happen when an employee loses assets or someone steals them. 94% of the incidents were internal while 6% were external (DBIR, 2022, P.43).
Privilege misuse is a common example of people abusing their access to data in order to cause incidents and breaches. Finance is the leading motive behind 78% of these incidents while some are built upon espionage or grudges (DBIR, 2022, P.47).
Accommodation & Food Services
The accommodation and food services industry saw drops in system intrusion but still gets plagued by malware and credential theft. The industry saw 156 incidents, most being from an external source looking for financial gain (DBIR, 2022, P.53).
Arts, Entertainment, & Recreation
The arts, entertainment, and recreation industry experienced 215 incidents in 2021. ¾ of these breaches were external and 97% were financially motivated (DBIR, 2022, P.55).
The education industry was commonly targeted by basic web application attacks and system intrusion. Miscellaneous errors also were common incidents with education in 2021. 75% of the breaches were from external sources while 95% of them were financially motivated (DBIR, 2022, P.57).
Financial & Insurance
There were over 2,500 incidents in the Financial and Insurance industry in 2021. The industry was hit by basic web application attacks, system intrusions, and miscellaneous errors. Most of the actors were, to no surprise, financially motivated (DBIR, 2022, P.59).
Healthcare incident numbers were surprisingly lower than we were expecting to see. There were 849 reported incidents, led by miscellaneous errors and basic web application attacks. 61% of breaches were from external sources while 31% were internal. Most of the internal breaches were the result of an error. Of the actors' motives, 95% were financial (DBIR, 2022, P.61).
The Information industry suffered 2,561 incidents in 2021. System Intrusion took the lead in breaches, whereas in past years errors and basic web application attacks were ahead of it. Over ¾ of breaches were financially motivated, with attackers stealing personal data and credentials (DBIR, 2022, P.63).
The manufacturing industry experienced over 2,000 breaches in 2021. System intrusion was the leading pattern of attack followed by basic web application attacks and social engineering. Most of these threat actors were external sources going for financial gain through targeting personal data and credentials (DBIR, 2022, P.65).
Mining, Quarrying, and Oil & Gas Extraction + Utilities
This industry experienced a relatively low number of incidents in 2021, only 403. 95% of these breaches were represented by Social Engineering, System Intrusion, and Basic Web Application Attacks. 96% of the breaches were from external attackers searching for financial gain (DBIR, 2022, P.67).
Professional, Scientific, and Technical Services
The Professional, Scientific, and Technical Services industry saw over 3,500 incidents in 2021. System Intrusion was the leading pattern of attack. Like most other industries, 90% of these attacks were financially motivated (DBIR, 2022, P.69).
In 2021 there were 2,792 incidents in the public administration industry. System Intrusion once again was the leading pattern of attack, but miscellaneous errors and basic web application attacks were not far behind. 80% of these breaches were financially motivated but 18% were represented by espionage. The data that was targeted was personal and credential data (DBIR, 2022, P.71).
The retail industry encountered a relatively low number of incidents compared to other industries. It only experienced 629 incidents. System Intrusion and Social Engineering were the leading patterns of attack like most others. A massive 98% of these attacks were financially motivated (DBIR, 2022, P.73).
Small businesses suffered 832 incidents in 2021. System Intrusion, Social Engineering, and Privilege Misuse represent 98% of the industry’s breaches. 100% of these incidents were financial (DBIR, 2022, P.75).
The Asia Pacific region had 4,114 incidents in 2021. 98% of these breaches had patterns of either Social Engineering, Basic Web Application Attacks, or System Intrusion. Almost all of these breaches were from external attackers that were on the hunt for credentials and secret data (DBIR, 2022, P.80).
Europe, Middle East, & Africa
These three regions only experienced 1,093 incidents between the three of them. 97% of the breaches were external with either System Intrusion, Social Engineering, or Basic Web Application Attacks being responsible. Most of these attackers were stealing credentials for financial gain (DBIR, 2022, P.81).
North America suffered the most incidents out of all the regions with 4,504 of them. 90% of these incidents were from external sources. 96% of the breaches were motivated by financial gain (DBIR, 2022, P.83).
Latin America & the Caribbean
This region suffered the least number of incidents in 2021. Latin America and the Caribbean only encountered 92 incidents in the entire year. System Intrusion, Denial of Service, and Social Engineering were responsible for 88% of breaches. While most of these attacks were financially motivated, most of the attackers were after system data and credentials too (DBIR, 2022, P.85).
To prevent cyber-attacks, it is crucial that you and your company practice good cyber hygiene.
- Use unique passwords and a password manager program to stay organized but also prevent hackers from gaining access to more than one of your accounts.
- Do not answer emails from unknown senders or sources you were not expecting an email from. These emails could be leading you down the path to phishing fraud.
- Do not release your personal information. No one will ask for your sensitive information first.
- Do a yearly vulnerability assessment along with phishing training. This will help you identify the weakest points of your data that hackers will have the easiest access to.
Here is what we can do to help you mitigate the risk of these attacks.
- Vulnerability Scanning - Network, Web App, Cloud, Mobile, etc.
  - An exercise used to identify gaps, weaknesses, and misconfigurations (potential points of exploitation) inside of a company's data environment. Depending on the environment, we suggest at the very least conducting these quarterly.
- Audits / Gap Analysis
  - Gap Analysis focuses on what is missing in your processes compared to a compliance standard or framework. An Audit is verifying that the policy or process conforms with the requirements of that framework. We suggest conducting these on an annual basis or at least every other year.
- Incident Response Exercise
  - A mock drill or simulation of an attack scenario that is extremely relevant to the business. We suggest conducting this annually.
- Phishing & Security Awareness Training
  - Teaching you and your employees to be cyber-safe through online computer-based training and a series of short tests. Phishing is putting what they learn to the test in a simulated email attack in order to reinforce what they learn. We suggest the training is done companywide at least quarterly, and phishing on a monthly basis.
- Penetration Testing
  - A step further than a Vulnerability Scan, in which the vulnerabilities found are exploited to show you how likely your data is to be at risk and what an attacker can get to in your environment. We suggest conducting these at least annually depending on the environment.