BR +55 11 3069 3925 | USA +1 469 620 7643

  • BLOG
  • Português
  • BR +55 11 3069 3925 | USA +1 469 620 7643
  • Português
logo senhasegura
  • SOLUTIONS
  • PRODUCTS
  • SERVICES AND SUPPORT
  • PARTNERS
  • COMPANY
  • CONTACT
  • DEMO

Compliance

and Audit

Audit

PCI DSS

SOX

ISO 27001

HIPAA

NIST

GDPR

ISA 62443 |

Industry 4.0

Security and

Risk Management

Privilege Abuse

Third Party Access

Privileged Access Recording

Insider Threat

Data Theft Prevention

Hardcoded Passwords

Password Reset

Solutions

By Industry

Energy and Utilities

Financial

Government

Health Care

Legal

Telecoms

Retail

senhasegura

Testimonials

See Testimonials

360º Privilege Platform

Account and

Session

PAM Core

Domum

Remote Access

MySafe

GO Endpoint

Manager

GO Endpoint

Manager Windows

GO Endpoint

Manager Linux

DevOps Secret

Manager

DevOps Secret

Manager

Multi

Cloud

Cloud IAM

Cloud Entitlements

Certificate

Manager

Certificate

Manager

Privileged

Infrastructure

PAM Crypto Appliance

PAM Load Balancer

Delivery : On Cloud (SaaS) | On-premises | Hybrid

Services

and Support

Documentation

Solution Center

Suggestions

Training and Certification

Deployment and Consulting

PAMaturity

PAM 360º

Support Policy

senhasegura

Resources

Rich Materials

Customer Cases

Webinars Calendar

senhasegura Stickers

BLOG

CONTENT

Is your company really prepared for a cyber attack?

The Pillars of Information Security

7 signs that your company needs to improve the security of sensitive data

See more articles about cybersecurity

Technical

Information

How it works

Product Archicture

Integration

Security

High availability and contingency

Privileged Auditing (Configuration)

Privileged Change Audit

Features and

Functionalities

ITSM Integration

Behavior Analysis

Threat Analysis

Privileged Information Protection

Scan Discovery

Task Management

Session Management (PSM)

Application Identity (AAPM)

SSH Key Management

Affinity Partner

Program

About the Program

Become a Partner

MSSP Affinity Partner Program

Security Alliance Program

Academy | E-learning for Certification

Affinity

Portal

Portal dedicated only for Partners to find commercial, marketing supporting materials and certification program of senhasegura.

Access Partner Portal

Opportunity

Booking

For our Commercial Team to support your sale more effectively, request your opportunity booking here.

Opportunity Booking Request

Find a

Partner

We work together to offer a better solution for your company.

Check all senhasegura partners

About

Company

About us

Achievements

Why senhasegura

Press Release

Press Room

Events

Career

Presence in the World

Terms of Use

End User License Agreement (EULA)

Privacy and Cookie Policy

Information Security Policy

Certification at senhasegura

senhasegura

Testimonials

See Testimonials

Latest Reports

and Awards

KuppingerCole Leadership Compass Report for PAM 2023

Frost & Sullivan Customer Value Leadership Award 2022

Gartner PAM Magic Quadrant 2021 Report

KuppingerCole Leadership Compass: PAM 2021

GigaOm Radar Report 2021

Gartner PAM Magic Quadrant 2020

Gartner Critical Capabilities for PAM 2020

Information Services Group, Inc. (ISG)

KuppingerCole Leadership Compass: PAM 2020

Contact our team

Request a Demonstration

Verizon Data Breach Investigation Report 2021: What You Need to Know About This Report

by senhasegura Blog Team | Jun 25, 2022 | BLOG

Human interaction with IT structures represents one of the main cyber threats faced by organizations of the most diverse sizes and industries. 

This is just one of the important pieces of information extracted from the Verizon Data Breach Investigation Report 2021, issued by telecommunications service provider Verizon.

The document reveals aspects of extreme relevance for organizations that wish to anticipate problems such as cyberattacks and data leaks, avoiding a series of inconveniences and losses.

In this article, we explain what exactly this report is and how you can use this data in your company’s favor. Check out our list of topics below:

  • Verizon Data Breach Investigation Report 2021: What Is This Report?
  • Data Extracted from the Verizon Data Breach Investigation Report 2021
  • Is Verizon Data Breach Investigation Report Reliable?
  • What Should Be Done in Practical Terms with the Information in the Report?
  1. About senhasegura
  2. Conclusion

Follow our text to the end!

Verizon Data Breach Investigation Report 2021

Are you enjoying this post? Join our Newsletter!

Newsletter Blog EN

13 + 10 =

We will send newsletters and promotional emails. By entering my data, I agree to the Privacy Policy and the Terms of Use.

Verizon Data Breach Investigation Report 2021: What Is This Report?

The Verizon Data Breach Report consists of an annual report, published by telecommunications service provider Verizon, on security incidents and data breaches that occurred in the previous year.

In this report, information is shared about the different types of attacks and vulnerabilities, also indicating the main changes that have occurred in the world when it comes to cybersecurity. 

For the 2021 edition, prepared with the collaboration of 83 companies, 29,207 real security incidents were analyzed, which – according to Verizon – would have compromised the integrity, confidentiality, or availability of information assets. 

Of this total, 5,258 violations were confirmed, which resulted in the unauthorized propagation of data. 

In the next topic, we cover some important information extracted from the Verizon Data Breach Investigation Report 2021. Continue reading and check it out. 

Data Extracted from the Verizon Data Breach Investigation Report 2021

The following are the main data collected by the Verizon Data Breach Report for its 2021 edition:

  • 61% of Cyberattacks Surveyed Involved Privileged Credentials

Privileged credentials are among the main vectors of attacks by malicious agents and, according to the Verizon Data Breach Report, they motivated 61% of cyberattacks performed in 2021.

Therefore, organizations must adopt protective measures, raising awareness and training their employees so they can avoid risks, and adopting solutions such as PAM, which makes it possible to reduce insider and external threats.

  • Privilege Abuse Was the Cause of 70% of Attacks Involving Misuse of Credentials

Many organizations fail to apply the principle of least privilege, which grants each human user or machine only the required access to perform their activities. 

As a result, they face internal risks, such as the privileges granted to active or dismissed employees.

The abuse of these privileges, granted in excess or not revoked, has caused 70% of attacks related to the misuse of credentials, according to the Verizon Data Breach Report.

  • Phishing Is the Main Tactic Used by Malicious Attackers

Phishing is a cyberattack in which the hacker uses the identity of a legitimate institution, gaining the trust of its victims to steal sensitive data, such as banking information.

Very common, this type of crime is the main approach applied by malicious attackers, according to Verizon Data Breach Report. For this reason, organizations must train their employees to avoid this threat.

For that, it is possible to perform exercises that simulate phishing campaigns, preparing users to detect it. 

 

  • 30% of Attacks Involved Social Engineering

The Verizon Data Breach Report reveals another factor that poses a major risk to the cybersecurity of organizations is related to the behavior of unsuspecting or poorly trained users, who may become victims of social engineering attacks.

This technique is widely used by malicious attackers to persuade their victims to send sensitive data or perform actions that facilitate their actions.

Information collected by the Verizon Data Breach Report points out that 1,761 social engineering attacks carried out in 2021 resulted in the disclosure of data, which often generated the loss of credentials, usually used in hacker and malware attacks.

Another relevant information is that most of these attacks were detected externally, showing that IT and security teams, system administrators, and employees of organizations would not be aware of these crimes. 

 

  • Attacks Involving Cloud Are Increasing

The use of cloud-based solutions grew exponentially with the Covid-19 pandemic, which imposed social distancing, making room for remote work.

In addition, companies were able to know all the advantages related to these services, which include more speed and scalability.

However, despite its numerous benefits, the adoption of cloud computing challenges those who are concerned with ensuring digital security.

This is because many human users and machines use privileged credentials to access cloud resources, increasing the attack surface and risks.

In the Verizon Data Breach Report, it is possible to verify that, among the attacked assets, those from the external cloud were more common than the local ones. This information reinforces that hackers can take advantage of the lack of visibility inherent in cloud environments.

  • The Human Aspect Was Involved in 85% of the Attacks

Often, unintended incidents, such as the incorrect configuration of database assets, directly compromise an organization’s cybersecurity, as evidenced by the Verizon Data Breach Report.

In this latest version of the report, Verizon has detected and assessed 919 incidents, 896 with confirmed data propagation. Among the compromised information, 79% were personal data, 17% were from physicians, 13% related to banks, and 13% to credentials.

Moreover, it was noticed that 50% of violations generated by human errors are caused by administrators and 30% by developers, with incorrect configurations representing 50% of these errors and incorrect deliveries representing 30%. 

Also, according to Verizon, data storage was observed being placed on the internet without controls and searched by security researchers.

Is Verizon Data Breach Investigation Report Reliable?

The Verizon Data Breach Report is a widely known and respected annual report, being one of the best in the world when it comes to violations and incidents globally. 

It consists of a totally impartial initiative, since it does not promote any product or service. In addition, data are collected from institutions around the world, which makes it truly global. 

This data is used to understand and share what are the vulnerabilities that generate violations and incidents, considering the technical and human risks. 

Verizon works with transparency both with regard to its sources and the data analysis process. 

What Should Be Done in Practical Terms with the Information in the Report?

Now that you have checked the key information raised by the Verizon Data Breach Report, you may be wondering what to do with this data in practice. 

First, it is essential to analyze human risk factors and prioritize the key threats faced in this regard by your company, managing these risks more effectively. 

It is also extremely important to use the Verizon Data Breach Report as a support instrument, showing the organization’s leaders the relevance of human risk and why it is recommended to invest in awareness and training of employees who interact with the IT environment.

Check out the main points to be considered below:

  • Awareness first: In this latest report, Verizon ranked the top risk factors for eleven different industries, recommending the Center for Internet Security’s top three controls to manage the risks of each of them. The only common control for all areas was Security Awareness and Training.
  • People are a major risk factor: 85% of the violations raised by the report are related to human interaction. Therefore, it is not enough for companies to adopt a technology-only strategy to eliminate risks and ensure cybersecurity. After all, the intention is not to protect the assets themselves, but the organization as a whole, which includes its employees. 
  • Human errors generate many disruptions: many companies focus their security strategies on explicit threats such as the actions of malicious attackers. However, 20% of violations are caused by a human error committed by people trying to work the right way. 

Among these errors, the incorrect configuration of cloud accounts stands out, which results in the sharing of the organization’s data with the wrong people. Therefore, it is highly recommended to have a solution that solves this type of failure and a professional responsible for it. 

  • The two main types of attacks are associated with phishing and passwords: so, if you do not know where to start training your employees to get better human risk management, start with these elements, which should be an essential part of an awareness plan.

About senhasegura

We, from senhasegura, are part of the group of information security companies MT4 Tecnologia, founded in 2001, and we aim to provide digital sovereignty to our customers through the control of privileged actions and data.

With this, we prevent data leaks and theft, as we manage privileged permissions before, during, and after access through machine automation. We work to:

  • Optimize the performance of companies, avoiding interruption of operations; 
  • Perform automatic audits on the use of permissions;
  • Audit privileged changes to detect abuse of privilege automatically;
  • Provide advanced solutions with the PAM Security Platform;
  • Reduce cyber threats; and
  • Bring the organizations that hire us into compliance with audit requirements and standards such as PCI DSS, Sarbanes-Oxley, ISO 27001, and HIPAA.

Conclusion

In this article, you saw that:

  • The Verizon Data Breach Report is an annual report on security incidents and data breaches that occurred in the previous year;
  • According to this report, the threats generated by human actions and errors stand out among the main risks faced by companies, in addition to the increase in attacks involving cloud solutions and attacks associated with privileged credentials;
  • The Verizon Data Breach Report is extremely reliable and recognized, also characterized by its transparency and impartiality;
  • It points out the need to invest in awareness and training of all professionals in a company and can be shared with leaders to seek support in this regard.

We hope this article has clarified your key questions about Verizon Data Breach Report and can be shared with more people.

 

ALSO READ IN SENHASEGURA’S BLOG

Configuration Management Database (CMDB): Learn More About It

Cybersecurity Risk Assessment According to ISA/IEC 62443-3-2

What is NIST and Why Is It Critical to Cybersecurity?

← Building Digital Manufacturing Through PAM How Does PAM Assist in Hiring Cyber Insurance? →

senhasegura wins CyberSecured 2022 award as best PAM solution in the USA

Written by Priscilla Silva SÃO PAULO, February 28 of 2023 - The 2022 edition of the CyberSecured awards, promoted by Security Today magazine, a brand of 1105 Media's Infrastructure Solutions Group, elected senhasegura as the winner in the Privileged Access Management...
Read More

How User and Entity Behavior Analytics Helps Cybersecurity

Cyberattacks are increasingly sophisticated, making traditional digital security tools insufficient to protect organizations from malicious actors. In 2015, Gartner defined a category of solutions called User and Entity Behavior Analytics (UEBA).Its big advantage is...
Read More

Best Practices for Consolidating Active Directory

This article was developed especially for you, who have questions about the best practices for consolidating Active Directory. First of all, you need to understand that directory services have the role of organizing important information for companies in a centralized...
Read More

senhasegura introduces the “Jiu-JitCISO” concept to show the power of Brazilian cybersecurity

Written by Priscilla Silva São Paulo, January 13, 2023 - "Like Jiu-Jitsu senhasegura is about self-defense. Every company must know how to protect itself and its clients". This is the aim based on the philosophy of the Japanese martial art, but made popular and...
Read More

CISA and FBI Release ESXiArgs Ransomware Recovery Script

The US Cyber Security and Infrastructure Agency (CISA) and the Federal Bureau of Investigation (FBI) released this week a recovery guide for the ESXiArgs ransomware, which has harmed thousands of companies globally. This was because malicious attackers were allegedly...
Read More
Copyright 2023 senhasegura | All Rights Reserved | Powered by MT4 Group