show image

Laurie Clarke


Verizon’s DBIR: most cyber attacks launched by organised crime groups for financial gain

The vast majority of cyber attacks are perpetrated by organised crime actors for financial gain, rather than nation states for espionage purposes, according to a Verizon report on data breaches that analysed more than 157,000 security incidents and more than 3,900 confirmed data breaches across 81 countries over the last 12 months.

The 2020 Data Breach Investigations Report finds that the number of breaches doubled from the previous year – and are expected to climb even higher due to increased home working and a rise in attacks during the pandemic.

Here are five takeaways from from the report:

1. Most cyber attacks are money-motivated

The results show that 86 per cent of the breaches included in the report’s analysis were motivated by financial gain. Organised criminal groups were behind 55 per cent of the breaches. Nation state or state affiliated attacks were behind roughly 10 per cent of attacks, according to the report – meaning cash still tops espionage as a motivator.

2. Personal data is in high demand

The report showed that personal data has become the greatest temptation for cyber criminals, with nearly 60 per cent of all data breaches involving personal data being snatched.

3. Passwords are vulnerable to attackers

Credential theft, phishing and business email compromise type incidents accounted for more than two-thirds of data breaches. On the other hand, Trojan type malware is on the decline: since peaking at just under 50 per cent of all breaches in 2016, it has since dropped to a mere sixth of what it was at that time (6.5 per cent).

4. Attackers were perpetrated more by outsiders than insiders

The data shows that 70 per cent of the breaches were perpetrated by external actors; the other 30 per cent was by internal actors.

5. Errors become ubiquitous

The research shows that errors are now equally as common as social breaches, and more common than malware. Only hacking ranks higher, and this is down to credential theft and use.