Writers of the Data Breach Investigations Report (DBIR) describe the survey as “not in the business of prediction but it can go a long way to help you shape your response strategy in the face of an uncertain future.”
It’s a detailed report, but the headlines are:
- Phishing (criminals conning people into handing over login credentials) was used in 36% of breaches, up from 25% the previous year.
- Ransomware increased 10%, with a trend towards double extortion: in addition to locking the data, criminals also extract it to leak or sell it publicly.
Data breaches have increased by a third, as criminals know that security teams and users are stretched by the demands of remote working, which is making everyone a little less vigilant.
Since 85% of breaches contained a human element, your defences for 2021 should include instilling what we at The Final Step call a “security-first mindset” in your company. But to quote the report:
“The conversation about data leakage has flipped from ‘if’ to ‘when’ a company will be breached by malicious actors. The fight against cyber breaches continues to depend on an organization’s [sic] ability to train and adapt its members’ behaviors [sic] to protect against actions such as credential theft, social engineering, and user error.”
You can read Verizon’s report online or download it here.
The image is taken from the cover of the DBIR.