Cybercrime is still a major problem in 2020, with money being the key motive and small to medium-sized businesses facing increased risks, according to Verizon's 2020 Data Breach Investigations Report.
The report shows that financial gain remained the key driver for cybercrime, with 86% of breaches investigated in the report being financially-driven, up from its 2019 figure of 71%. The vast majority (70%) of breaches continued to be caused by external factors, with organised crime accounting for 55% of these.
After examining the causes of breaches, credential theft and social attacks such as phishing and business email compromises were the major reasons at 67%. Specifically, 37% of credential theft breaches used stolen or weak credentials; 25% involved phishing; while human error accounted for 22% of breaches.
The report also highlights a year-over-year two-fold increase in web application breaches to 43%, with stolen credentials being used in over 80% of these cases. Verizon said this was a worrying trend as business-critical workflows continue to move to the cloud.
"As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount. In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious," said Tami Erwin, CEO of Verizon Business.
Because using cloud- or web-based application is on the rise, the report also suggests that small and medium-sized businesses were prime targets for cyber-attackers. Phishing was the biggest threat for small organizations, accounting for over 30% of breaches, followed by the use of stolen credentials (27%) and password dumpers (16%).
As for the types of content, attackers targeted credentials, personal data, and other internal business-related data such as medical records, internal secrets or payment information. On that note, ransomware has also seen a slight increase. The report finds that 27% of malware incidents were related to ransomware, three percentage points higher than in 2019. 18% of organisations reported blocking at least one piece of ransomware in the last year as well.
The report includes a detailed analysis of 16 industries and has shown that while security remained a challenge across the board, there were significant differences across verticals. For example, in the retail industry, 99% of incidents were financially-motivated, with payment data and personal credentials being targeted. Web applications, rather than point of sale devices, are now the main cause of retail breaches.
"Financial gain continues to drive organised crime to exploit system vulnerabilities or human error. The good news is that there is a lot that organisations can do to protect themselves, including the ability to track common patterns within cyber-attack journeys - a security game changer - that puts control back into the hands of organisations around the globe," said Alex Pinto, lead author of the Verizon Data Breach Investigations Report.