+65-6248-6600
Contact Us

Information
NAICS 51

Please provide the information below to view the online Verizon Data Breach Investigations Report.

Submit View only

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

  • Frequency

    		  

    2,561 incidents, 378 with confirmed data disclosure

    Top patterns

    		  

    System Intrusion, Basic Web Application Attacks, and Miscellaneous Errors represent 81% of breaches

    Threat actors

    		  

    External (76%), Internal (24%) (breaches)

    Actor motives

    		  

    Financial (78%), Espionage (20%), Ideology (1%), Grudge (1%) (breaches)

    Data compromised

    		  

    Personal (66%), Other (35%), Credentials (27%), Internal (17%) (breaches)

    Top IG1 protective controls

    		  

    Security Awareness and Skills Training (CSC 14), Secure Configuration of Enterprise Assets and Software (CSC 4), Access Control Management (CSC 6)

    What is the same?

    		  

    Surprisingly, over the last five years Social breaches have remained roughly the same. This may be because Social breaches are targeting customers resulting in Hacking breaches (which have also stayed pretty level) to the company due to stolen credentials.

    Summary

    		  

    System Intrusion moves ahead of Errors and Basic Web Application Attacks to claim the top spot this year in breaches, meanwhile DDoS maintains its top position in incidents. Malware has seen a noticeable rise over the past two years, while Errors appear to be on the down swing since their rise five years ago.

  • Patterns

    		  

    5-Year difference

    		  

    3-Year difference

    Basic Web Application Attacks

    		  

    No change

    		  

    No change

    Miscellaneous Errors

    		  

    Greater

    		  

    Less

    System Intrusion

    		  

    Greater

    		  

    Greater

  • Pattern

    		  

    Difference with peers

    		  

     

    System Intrusion

    		  

    No change

    		  

     

    Basic Web Application Attacks

    		  

    Greater

    		  

     

    Miscellaneous Errors

    		  

    Greater

    		  

     

  • Last year, not unlike your boss at your last performance review, we highlighted the Errors in the Information industry. However, as we can see in Figure 88, there has been clear progress that we can put on the mid-year review. Errors have experienced a decline since their upswing half a decade ago in 2017.

  • To maintain the balance however, malware has seen a measurable increase over the last two years. That is reflected in Figure bbf55dbd. System Intrusion has jumped to the top in this vertical, even rising above Basic Web Application Attacks.

    One interesting effect of having System Intrusion in the number one position is that the Information industry contains a smorgasbord of Action varieties. Use of stolen creds is the most common, but after that, a legion of varieties are present, with Ransomware, Misconfiguration, Backdoor or C2, and Export Data appearing in more than 4% of breaches. In fact, Information is tied for 2nd place in industries by the number of varieties above 4% at 17 different action varieties.

    Figure 90 illustrates the top incidents, dominated by DDoS attacks and System Intrusions (which are driven by Ransomware). Please be sure not to forget about DDoS–while it is relatively easy to mitigate, it has certainly not gone away. 

    Finally, Figure 91 provides a look into something else that’s easy to forget: botnets. The information industry takes the top spot in botnets for the second year running. Botnet breaches are often masked at the victim organization because they only see the malicious login, and not that the bot also stole the credentials.

Let's get started.