In Cybersecurity … The Song Remains The Same (But With Ransomware Added)


The Verizon 2021 data breach report makes interesting reading, and tries to break down the costs, motivations and attack vectors related to data breaches and data incidents. For data breaches, the song remains the same: social engineering is still the top attack vector (on the left-hand side), while for incidents it is the blunt (and unsophisticated) attack tool of DoS (on the right-hand side):

Ref: here

For costs, the report breaks these down into: BEC (Business Email Compromise); CDB (Computer Data Breach); Forensics; and Legal Advice. We can see that BEC and CDB have a similar range of costs, which can go up to over $1 million. Ransomware has the greatest spectrum of costs, starting at $69 but going up to over one million dollars:

Ref: here

It’s still privilege abuse that’s the main threat

And, as we increasingly move into zero-trust infrastructures, we are still faced with privilege abuse and data mishandling (such as storing data in the wrong place) as the top threats for data breaches:

Ref: here

And guess what is the top attack vector? Yes, you’ve guessed it … phishing. Overall, it is still responsible for a large percentage of data breaches, with stolen credentials and ransomware attacks also significant (on the left-hand side of the graphic). Phishing and DoS are also significant in terms of incident investigation (the left-hand graphic):

Ref: here

For the ways that these attacks get into the network, the report outlines that social engineering and hacking mainly involve infiltration of the network (‘gain access from outside’), whereas physical access and misuse mainly involve exfiltration (‘moving the data outside the network’):

Ref: here

And, as they say, every story has a beginning, a middle, and an end, and so does every incident. Most often, the beginning was a compromise through hacking, an error/misuse or some social activity, followed by a compromise through malware or hacking:

Ref: here

Insiders or outsiders?

A few years ago, it was reported that around 30–40% of data breaches were from insiders. From the graphic below, we can see that this is still significant, but around 4-in-5 data breaches now relate to external actors, with very few related to partnerships and trusted external sources:

Ref: here

And what motivates those who steal data? Well, it’s our human failing of loving money too much:

Ref: here

And the threat actors now tend to be organised crime gangs, with over 80% of the financially motivated crime for data breaches being driven by them. In criminal forums, we see the discussion of data that could be used to compromise bank details. So what’s the most discussed area? Well, most often it is focused on bank and credit card details:

Ref: here

Conclusions

As Led Zeppelin would say … “The Song Remains The Same”.

It is still the same types of attack vector as before, with spear-phishing still the top threat for data breaches. Ransomware is catching up fast, though.

When it comes to motivations … as always … it is money that often drives “us”. I say, “us”, as we could all turn to the dark side.

One interesting thing is that insiders are less of a threat, in percentage terms, than outsiders.