Authored by: Carolyn Crandall, Chief Security Advocate, Attivo Networks – The Verizon Data Breach Investigations Report (DBIR) is always hotly anticipated by those in the cybersecurity industry, and the 2021 edition is no exception. While last year’s report analyzed data collected before the COVID-19 pandemic had begun in earnest, the 2021 report provides an in-depth look at how attack patterns evolved amid a tumultuous 2020. To create this year’s DBIR, Verizon analyzed nearly 80,000 recorded incidents from 88 countries, providing readers a data-rich breakdown of the state of cybersecurity amid the pandemic.
Written by: Carolyn Crandall, Attivo Networks Chief Deception Officer & CMO Today, we take a look into the annual Verizon Data Breach Investigation Report (DBIR) from Verizon Enterprise Solutions. The 2018 report examined over 53,000 incidents and 2,216 confirmed data breaches. As with past Verizon reports, the findings underscore an increasingly stark reality –cybercrime continues to have a far-reaching impact on (and incur growing costs for) businesses across all regions and industries.
Last week Dow Jones, the business and financial news company that owns the Wall Street Journal, admitted that 2.2 million customers’ details were exposed due to an Amazon S3 bucket misconfiguration. They are not alone and follow similar mishaps reported by Verizon, World Wrestling Entertainment, and Scottrade. They all share a common root problem, user error that resulted in exposing the contents of their S3 buckets. There are now over one million authenticated AWS users and S3 misconfigurations are becoming all too common.
Well here we are again, and it is time to take the annual journey into our collection of real-world data breaches and information security incidents from the prior year. We have published this report nine times and we truly appreciate
you spending your valuable time with us, whether you have been with us since our humble, pie-chart-centric beginnings or if this is your first read. We would be remiss if we did not begin by acknowledging the organizations that contributed data (and time) to this publication. Simply stated, we thank you for helping to make this possible. For a full list of contributors, mosey over to Appendix B. The incident data is the workhorse of this report and is used to build out all the information within the Breach Trends and Incident Classification Patterns
sections. We use non-incident security data to paint a fuller picture in the
patterns as well as in stand-alone research. Any opportunity to take several
organizations’ data and combine them for a research topic was pursued. The
Gestalt principles in action!
The nine incident classification patterns we identified back in the 2014 report
still reign supreme. And while there are no drastic shifts that have established
a show-stopping talking point when looking at the patterns as a whole, we have
searched for interesting tidbits in the actions that comprise them.
This year’s dataset is made up of over 100,000 incidents, of which 3,141 were
confirmed data breaches. Of these, 64,199 incidents and 2,260 breaches
comprise the finalized dataset that was used in the analysis and figures
throughout the report. We address the reasons for culling the dataset in
Victim Demographics and provide additional details when we discuss motives
in Breach Trends. Of course, we would never suggest that every last security
event of 2015 is in this report. We acknowledge sample bias, and provide
information about our methodology as well as links to resources that we
encourage you to look into to help collect and analyze incident data within your
own organization, in Appendix E.
We will also acknowledge what isn’t in this report. For those looking for
proclamations about this being the year that mobile attacks bring us to
our knees or that the Internet of Things (IoT) is coming to kill us all, you will
be disappointed. We still do not have significant real-world data on these