-
Summary
Financially motivated organized criminals utilizing attacks against web applications have their sights set on this industry. But employee errors such as standing up large databases without controls are also a recurring problem. These, combined with social engineering in the forms of phishing and pretexting attacks, are responsible for the majority of breaches in this industry.
Frequency
112 incidents, 67 with confirmed data disclosure
Top Patterns
Everything Else, Web Applications and Miscellaneous Errors represent 69% of breaches.
Threat Actors
External (68%), Internal (32%) (breaches)
Actor Motives
Financial (74%—98%), Espionage (1%—21%), Convenience (0%—15%) (breaches)
Data Compromised
Personal (64%), Credentials (34%), Other (23%) (breaches)
Top Controls
Boundary Defense (CSC 12), Implement a Security Awareness and Training Program (CSC 17), Secure Configurations (CSC 5, CSC 11)
Data Analysis Notes
Actor motives are represented by percentage ranges, as only 26 breaches had a known motive. Some charts also do not have enough observations to have their expected value shown.
- 2020 DBIR
- DBIR Cheat sheet
- Introduction
- Summary of findings
- Results and analysis
- Incident classification patterns and subsets
- Industry analysis
- Accommodation and Food Services
- Arts, Entertainment and Recreation
- Construction
- Educational Services
- Financial and Insurance
- Healthcare
- Information
- Manufacturing
- Mining, Quarrying, Oil & Gas Extraction + Utilities
- Other Services
- Professional, Scientific and Technical Services
- Public Administration
- Real Estate and Rental and Leasing
- Retail
- Transportation and Warehousing
- Does size matter? A deep dive into SMB Breaches
- Regional analysis
- Wrap-up
- CIS Control recommendations
- Year in review
- Appendices (PDF)
- Corrections
- Download the full report (PDF)
-
The Transportation and Warehousing industry is a new one for our report. If you’re reading this report for the first time for just this reason, pull up a chair, we’re glad to have you! As you know, this industry is all about getting people and goods from point A to point B, and about storing those goods until they’re needed. Once transported, the people are usually good enough to find their own places to stay, but that’s another industry entirely.
-
All roads lead to pwnd
What is causing breaches in this sector? Our data shows us that Web Application attacks and Miscellaneous Errors are quite common, and the Everything Else pattern is also prevalent, but more on that later (Figure 106). Web applications are a common attack across the dataset, and a fact of life in this era is that if you have an internet-facing application, someone out there will eventually get around to testing your controls for you. The Hacking, Social and Malware actions were the most common in this industry, which supports the Web Applications pattern’s prominence.
-
Keep your eyes on the road
Miscellaneous Errors are simply a byproduct of being human—we make mistakes. The most common error in this industry was Misconfiguration, as shown in Figure 107. A typical misconfiguration error scenario is this: An internal actor (frequently a system admin or DBA) stands up a database on a cloud service without any of those inconvenient access controls one would expect to see on sensitive data. Then, an enterprising security researcher finds this instance using a search engine that is made to spot these unprotected datastores and poof, you have a breach.
That “Everything Else” pattern mentioned earlier—it is a place we store odds and ends for attacks that don’t fit into the other attack patterns, and within this pattern lives the business email compromise (BEC). These usually come in as a phishing email, although they can also be done over the phone. The goal of the attacker is either to get data or facilitate a wire transfer to their conveniently provided bank account. These attacks are perpetrated largely by organized criminal actors with a financial motive.
You can see in Figure 108 the most common motive of the external actors in this sector. While there are some espionage-motivated actors, they are few and far between when compared to financially motivated attackers. The data type of choice in this vertical appears to be Personal, which is being closely tailgated by Credentials.
