Human interaction with IT structures represents one of the main cyber threats faced by organizations of the most diverse sizes and industries. 

This is just one of the important pieces of information extracted from the Verizon Data Breach Investigation Report 2021, issued by telecommunications service provider Verizon.

The document reveals aspects of extreme relevance for organizations that wish to anticipate problems such as cyberattacks and data leaks, avoiding a series of inconveniences and losses.

In this article, we explain what exactly this report is and how you can use this data in your company’s favor. Check out our list of topics below:

• Verizon Data Breach Investigation Report 2021: What Is This Report?

• Data Extracted from the Verizon Data Breach Investigation Report 2021

• Is Verizon Data Breach Investigation Report Reliable?

• What Should Be Done in Practical Terms with the Information in the Report?

1. About senhasegura
2. Conclusion

Follow our text to the end!

Verizon Data Breach Investigation Report 2021: What Is This Report?

The Verizon Data Breach Report consists of an annual report, published by telecommunications service provider Verizon, on security incidents and data breaches that occurred in the previous year.

In this report, information is shared about the different types of attacks and vulnerabilities, also indicating the main changes that have occurred in the world when it comes to cybersecurity. 

For the 2021 edition, prepared with the collaboration of 83 companies, 29,207 real security incidents were analyzed, which – according to Verizon – would have compromised the integrity, confidentiality, or availability of information assets. 

Of this total, 5,258 violations were confirmed, which resulted in the unauthorized propagation of data. 

In the next topic, we cover some important information extracted from the Verizon Data Breach Investigation Report 2021. Continue reading and check it out. 

Data Extracted from the Verizon Data Breach Investigation Report 2021

The following are the main data collected by the Verizon Data Breach Report for its 2021 edition:

• 61% of Cyberattacks Surveyed Involved Privileged Credentials

Privileged credentials are among the main vectors of attacks by malicious agents and, according to the Verizon Data Breach Report, they motivated 61% of cyberattacks performed in 2021.

Therefore, organizations must adopt protective measures, raising awareness and training their employees so they can avoid risks, and adopting solutions such as PAM, which makes it possible to reduce insider and external threats.

• Privilege Abuse Was the Cause of 70% of Attacks Involving Misuse of Credentials

Many organizations fail to apply the principle of least privilege, which grants each human user or machine only the required access to perform their activities. 

As a result, they face internal risks, such as the privileges granted to active or dismissed employees.

The abuse of these privileges, granted in excess or not revoked, has caused 70% of attacks related to the misuse of credentials, according to the Verizon Data Breach Report.

• Phishing Is the Main Tactic Used by Malicious Attackers

Phishing is a cyberattack in which the hacker uses the identity of a legitimate institution, gaining the trust of its victims to steal sensitive data, such as banking information.

Very common, this type of crime is the main approach applied by malicious attackers, according to Verizon Data Breach Report. For this reason, organizations must train their employees to avoid this threat.

For that, it is possible to perform exercises that simulate phishing campaigns, preparing users to detect it. 

• 30% of Attacks Involved Social Engineering

The Verizon Data Breach Report reveals another factor that poses a major risk to the cybersecurity of organizations is related to the behavior of unsuspecting or poorly trained users, who may become victims of social engineering attacks.

This technique is widely used by malicious attackers to persuade their victims to send sensitive data or perform actions that facilitate their actions.

Information collected by the Verizon Data Breach Report points out that 1,761 social engineering attacks carried out in 2021 resulted in the disclosure of data, which often generated the loss of credentials, usually used in hacker and malware attacks.

Another relevant information is that most of these attacks were detected externally, showing that IT and security teams, system administrators, and employees of organizations would not be aware of these crimes. 

• Attacks Involving Cloud Are Increasing

The use of cloud-based solutions grew exponentially with the Covid-19 pandemic, which imposed social distancing, making room for remote work.

In addition, companies were able to know all the advantages related to these services, which include more speed and scalability.

However, despite its numerous benefits, the adoption of cloud computing challenges those who are concerned with ensuring digital security.

This is because many human users and machines use privileged credentials to access cloud resources, increasing the attack surface and risks.

In the Verizon Data Breach Report, it is possible to verify that, among the attacked assets, those from the external cloud were more common than the local ones. This information reinforces that hackers can take advantage of the lack of visibility inherent in cloud environments.

• The Human Aspect Was Involved in 85% of the Attacks

Often, unintended incidents, such as the incorrect configuration of database assets, directly compromise an organization’s cybersecurity, as evidenced by the Verizon Data Breach Report.

In this latest version of the report, Verizon has detected and assessed 919 incidents, 896 with confirmed data propagation. Among the compromised information, 79% were personal data, 17% were from physicians, 13% related to banks, and 13% to credentials.

Moreover, it was noticed that 50% of violations generated by human errors are caused by administrators and 30% by developers, with incorrect configurations representing 50% of these errors and incorrect deliveries representing 30%. 

Also, according to Verizon, data storage was observed being placed on the internet without controls and searched by security researchers.

Is Verizon Data Breach Investigation Report Reliable?

The Verizon Data Breach Report is a widely known and respected annual report, being one of the best in the world when it comes to violations and incidents globally. 

It consists of a totally impartial initiative, since it does not promote any product or service. In addition, data are collected from institutions around the world, which makes it truly global. 

This data is used to understand and share what are the vulnerabilities that generate violations and incidents, considering the technical and human risks. 

Verizon works with transparency both with regard to its sources and the data analysis process. 

What Should Be Done in Practical Terms with the Information in the Report?

Now that you have checked the key information raised by the Verizon Data Breach Report, you may be wondering what to do with this data in practice. 

First, it is essential to analyze human risk factors and prioritize the key threats faced in this regard by your company, managing these risks more effectively. 

It is also extremely important to use the Verizon Data Breach Report as a support instrument, showing the organization’s leaders the relevance of human risk and why it is recommended to invest in awareness and training of employees who interact with the IT environment.

Check out the main points to be considered below:

• Awareness first: In this latest report, Verizon ranked the top risk factors for eleven different industries, recommending the Center for Internet Security’s top three controls to manage the risks of each of them. The only common control for all areas was Security Awareness and Training.

• People are a major risk factor: 85% of the violations raised by the report are related to human interaction. Therefore, it is not enough for companies to adopt a technology-only strategy to eliminate risks and ensure cybersecurity. After all, the intention is not to protect the assets themselves, but the organization as a whole, which includes its employees. 
• Human errors generate many disruptions: many companies focus their security strategies on explicit threats such as the actions of malicious attackers. However, 20% of violations are caused by a human error committed by people trying to work the right way. 

Among these errors, the incorrect configuration of cloud accounts stands out, which results in the sharing of the organization’s data with the wrong people. Therefore, it is highly recommended to have a solution that solves this type of failure and a professional responsible for it. 

• The two main types of attacks are associated with phishing and passwords: so, if you do not know where to start training your employees to get better human risk management, start with these elements, which should be an essential part of an awareness plan.

About senhasegura

We, from senhasegura, are part of the group of information security companies MT4 Tecnologia, founded in 2001, and we aim to provide digital sovereignty to our customers through the control of privileged actions and data.

With this, we prevent data leaks and theft, as we manage privileged permissions before, during, and after access through machine automation. We work to:

• Optimize the performance of companies, avoiding interruption of operations; 
• Perform automatic audits on the use of permissions;
• Audit privileged changes to detect abuse of privilege automatically;
• Provide advanced solutions with the PAM Security Platform;
• Reduce cyber threats; and
• Bring the organizations that hire us into compliance with audit requirements and standards such as PCI DSS, Sarbanes-Oxley, ISO 27001, and HIPAA.

Conclusion

In this article, you saw that:

• The Verizon Data Breach Report is an annual report on security incidents and data breaches that occurred in the previous year;
• According to this report, the threats generated by human actions and errors stand out among the main risks faced by companies, in addition to the increase in attacks involving cloud solutions and attacks associated with privileged credentials;
• The Verizon Data Breach Report is extremely reliable and recognized, also characterized by its transparency and impartiality;
• It points out the need to invest in awareness and training of all professionals in a company and can be shared with leaders to seek support in this regard.

We hope this article has clarified your key questions about Verizon Data Breach Report and can be shared with more people.

ALSO READ IN SENHASEGURA’S BLOG

Configuration Management Database (CMDB): Learn More About It

Cybersecurity Risk Assessment According to ISA/IEC 62443-3-2

What is NIST and Why Is It Critical to Cybersecurity?