Throughout 2020 we often heard the word unprecedented, seemingly in excess. Yet, for cybersecurity, it is an apt description of the challenges companies faced as they shifted to a work-from-home culture. These challenges — with phishing, ransomware, and social engineering as the reigning champions of attack vectors — are outlined in the 2021 Verizon Data Breach and Investigations Report.
The annual Verizon DBIR contains its analysis of security incidents and data breaches, categorized by sector. It’s worth noting that Coalition provided Verizon with access to our BinaryEdge internet scanning data for the DBIR.
DBIR key takeaways
Robust in its scope and length, the DBIR uses data from 83 contributors to review 29,207 incidents, over 5,258 of which were confirmed breaches. The frequency of some attack patterns was predictable based on trends in cybersecurity. Ransomware incidents doubled in frequency from last year, while other patterns remained reliable constants: denial of service (DoS) continued to be the most common attack pattern, and humans continued to be the leading cause of breaches.
Here are the highlights we believe are essential for our policyholders:
- Social engineering was the most successful attack vector
- The majority of social engineering incidents were discovered externally — meaning that “when employees are falling for the bait, they don’t realize they’ve been hooked.”
- Business Email Compromises (BEC) were the second most common form of social engineering
- Ransomware took third place in breaches — doubling its frequency from last year
- Financially motivated attacks continue to be the most common
- Older vulnerabilities that haven’t been patched are still being exploited
- SMB breaches increased from last year — companies with fewer than 1,000 employees had 1,037 incidents with 263 confirmed data disclosures.
The range in losses for ransomware attacks is noteworthy. According to the DBIR, the median amount was $11,150 while the range in losses for 95% of the cases fell between $70 and $1.2 million. Such a disparity is enough to make anyone nervous.
“This year, we’re displeased to report that we’ve seen yet another increase in Ransomware cases, which has been continuing on an upward trend since 2016 and now accounts for 5% of our total incidents. The novel fact is that 10% of all breaches now involve Ransomware.”
As any policyholder who has experienced a cybersecurity event knows, direct losses are not the only cost associated with an incident or breach: Digital Forensics and Incident Response (DFIR), legal counsel, fees, and reputation damage all factor into the total losses. As a cyber insurance leader, Coalition offers comprehensive insurance that helps your organization recover financially and operationally after a cybersecurity event.
The DBIR breakdown of fees associated with losses based on cyber insurance claims shows a wide range in costs where forensics are involved.
“Figure 42 provides an idea of what to expect in these areas based on cyber insurance claims. Each dot represents 2% of incidents. As you can see, 50% of incidents had no associated forensics costs. When forensics costs were present, 95% fell into the range of $2,400 to $336,500. Slightly fewer incidents had no associated legal costs, (36%). For the remaining 64%, 95% of the legal costs fell between $800 and $54,000.”
Take control. Coalition Control.
By now, you may feel overwhelmed; cybersecurity challenges are constantly evolving, and attackers are getting stealthier. Coalition can help.
We recently launched Coalition Control, a proactive approach to managing cyber risk through our integrated platform. The best part? Coalition Control is available for free. With your business email address alone, you gain access to Automated Scanning & Monitoring, which provides your organization with ongoing monitoring and reporting of your attack surface — yes — for free.
Inside Coalition Control is our partner technology ecosystem with access to significant savings on security solutions and services covering everything from endpoint detection and response (EDR) to identity and access management and remote network access.