The Verizon Business 2021 Data Breach Investigations Report (2021 DBIR) report saw 5,258 breaches from 83 contributors across the globe, a third more breaches analyzed than last year.
With an unprecedented number of people working remotely, phishing and ransomware attacks increased by 11 percent and 6 percent respectively, with instances of misrepresentation increasing by 15 times compared to last year.
Additionally, breach data showed that 61 percent of breaches involved credential data (95 percent of organizations suffering credential stuffing attacks had between 637 and 3.3 billion malicious login attempts through the year).
The report also highlighted the challenges facing businesses as they move more of their business functions to the cloud — with attacks on web applications representing 39% of all breaches.
“The COVID-19 pandemic has had a profound impact on many of the security challenges organizations are currently facing,” said Tami Erwin, CEO, Verizon Business. “As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures”.
This year, the Incident Classification Patterns the DBIR report team uses to classify security threats have also been improved and refreshed. The updated report patterns explain 95.8 percent of analyzed breaches and 99.7 percent of analyzed incidents over all time, and should provide customers with a better understanding of the threats that exist, and how their organizations can best avoid them.
Increase in phishing and ransomware attacks — along with continued high numbers of Web Application Attacks — underscore a year of unprecedented security challenges, the report said.
The report analyzes 29,207 quality incidents, of which 5,258 were confirmed breaches. Phishing attacks increased by 11 percent, while attacks using ransomware rose by 6 percent.
Eighty-five percent of breaches involved a human element, while over 80 percent of breaches were discovered by external parties.
Breach simulations found the median financial impact of a breach is $21,659, with 95 percent of incidents falling between $826 and $653,587.