Verizon DBIR 2021: Ransomware, Phishing, Human Errors and More

Jun 06, 2021 / Kron

Cybersecurity threats are one of the biggest problems businesses face in the 21st century. With the accelerated pace of digitalization in recent years, various data breaches originating from ransomware, phishing, and social engineering have become more and more widespread. Accordingly, this year's Data Breach Investigations Report, an annual report published by Verizon, clearly reveals the increase in data breaches.

The Verizon DBIR 2021 report features the results of extensive research conducted on different types of cybersecurity breaches. The report mentions a significant increase in data breaches as a result of ransomware and phishing attacks. On the other hand, while there is a 5% decrease in human errors, it turns out that 85% of data breaches are caused by human errors. Also, attacks carried out to steal, manipulate, and destroy personal or corporate data now focus not only on credentials but also on personal information.

Verizon DBIR 2021: Latest Rates and Important Takeaways

The Verizon Data Breach Investigations Report 2021 features a detailed analysis of more than 79,000 security incidents. According to the report, 5,258 data breach cases were confirmed out of more than 79,000 incidents. These were mostly ransomware, phishing, social engineering, and credential incidents.

Ransomware: The report reveals that compared to last year, ransomware attacks have increased by around 10%. This increase puts ransomware attacks in third place among all types of breaches. The report also mentions the attackers' new methods and tactics, which are quite remarkable in their own way.
Phishing and social engineering: According to the report, the rate of phishing attacks has increased from 25% to 36% this year. All in all, the rate of social engineering attacks had the biggest increase, jumping from 22% to 35%. Business Email Compromises (BECs), phishing, and spam are among the most popular types of social engineering attacks. BECs attacks, which come in second after phishing in terms of the increase rate, increased 15 times compared to last year.
Human errors: In the report, data breach from human error is the only type of breach with a percentage decrease. In 2021, the rate of human error data breaches fell from 22% to 17%, despite the fact that research results show that the number of human error data breaches increased from 883 to 905.
Web attacks: Attacks on websites and applications are still increasing, as 80% of hacking attacks aim at web portals. Desktop sharing ranks second among the vectors that facilitate hacking actions.
Cloud assets: The Verizon DBIR 2021 report revealed that in data breach incidents, external cloud assets that create security breaches are more commonly used than on-premises assets. Nonetheless, there is a decrease in the number of breached assets (desktops and laptops).
Credentials: The report shows that, conventionally, breaches are largely driven by external factors focused on financial gain. Proof that some elements of cyber-attacks have never changed is that 61% of the compromised data is users' credentials.

As a result of the research conducted by Verizon, it was determined that only 14% of companies that experienced data security breaches did not suffer economic loss. The reported median loss of companies caused by breaches was found to be $21,659.

As clearly seen in the DBIR 2021, it is essential to utilize Privileged Access Management (PAM) solutions in order to save your company from various losses due to data breaches.

What is Privileged Access Management (PAM)?

PAM is used to detect, analyze, and monitor computer users who try to access the company’s sensitive data with cyber-attacks. Privileged Access Management enables you to secure your data sources and prevent the security breaches mentioned in Verizon DBIR 2021.

In other words, PAM makes it more practical and efficient to monitor, oversee, and manage privileged access to your company's critical assets. PAM applications store the credentials of the privileged accounts in the system in a secure storage medium, protecting them against the risk of being stolen and keeping them in a safety net consisting of five stages. At each stage, entries to the system are monitored, data security is ensured, and all transactions are recorded.

The stages of a PAM solution mainly include privileged session management, dynamic password controller, privileged task automation (PTA), two-factor authentication (2FA) and dynamic data masking. These stages ensure the security of data and prevent incidents caused by potential cyberattacks, or protect critical assets against internal and external threats.

Advanced Data Security with Single Connect

Single Connect, one of the world's best Privileged Access Management products, helps to protect critical data against both internal and external security breaches thanks to its multi-layered security structure. With its remarkable modular structure that includes all the components needed in a single PAM platform, Single Connect is also mentioned in the Gartner Magic Quadrant for Privileged Access Management (PAM) report.

Kron’s Single Connect features privileged session manager, dynamic password controller, privileged task automation (PTA), two-factor authentication (2FA), dynamic data masking, and unified access management (TACACS+/RADIUS) modules. These modules are fully compatible with the overall PAM structure.

Single Connect is an end-to-end PAM solution that provides a high level of data security against data breaches, cyber-attacks, and leaks. With its solid technical infrastructure, and functional modules, Single Connect is the ideal choice for protecting your company against the types of data breaches mentioned in theVerizon DBIR 2021.