• Pandemic-induced changes in working practices increase security risks
• Financial gain remains first priority of cyber criminals
• But organised crime is getting more organised
• However, recognition of cyber attack patterns can confer "Defender's Advantage"

As is becoming evident, the global coronavirus pandemic, far from stopping cybercrime in its tracks or even minimising it, has spurred criminals to increase their attacks as the world lurches suddenly into a new era where remote working will be the norm for many millions of people. Today sees the publication of the Verizon Business 2020 Data Breach Investigations Report which shows that network security is even more important now as hacking, phishing and assaults on cloud-based data intensify and multiply.

Unsurprisingly the vast majority of cyber-criminals are still primarily motivated by getting their grubby paws on someone else's money. The new report shows that 86 per cent of all attacks were for financial gain, up from 71 per cent in 2019 and cloud-based data has become a prime target. Attacks here doubled to 43 per cent. As usual the majority of criminal incursions were from external actors. They accounted for 70 per cent of breaches and 55 per cent of those were the result of organised crime. Sixty seven per cent of incursions were down to phishing attacks and email incursions, although 22 per cent were attributable to "human error".

Stolen credentials were used in 80 per cent of successful web application attacks, an ominous trend as more and more company data is moved into a cloud environment. Ransomware remains a potent threat but is down on last year, having fallen from 24 per cent to 17 per cent of malware attacks. Some 18 per cent of respondents to Verizon's survey questions reported that they had successfully blocked at least one ransomware incursion over the past 12 months.

It remains the fact that the bigger the business the more enticing a target they are as far as cyber-criminals are concerned but they are also increasing their attacks on SMEs as they migrate data to the cloud and use more web-based tools and apps. It seems the thieves are finding it all too easy to steal and use the credentials necessary to gain access to SME data and processes. 

Commenting on the aforementioned trends, Tami Erwin, the CEO of Verizon Business, said, "As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount. In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious."

Pattern analysis to the rescue

The Verizon Business Report takes a detailed look at a range of 16 different industrial sectors and analyses their relative strengths and weaknesses where cyber-attacks are concerned.  For example, as far as the educational services sector is concerned a massive 80 per cent of malware attacks involved ransomware. The figure was also depressingly high in the public sector where it stood at 61 per cent. Things are better in manufacturing where 23 per cent of attacks were ranmsomware-based and human error accounted for 12 per cent of breaches while it was 33 per cent in the public sector.

Again unsurprisingly, the report reveals that in the retail sector 99 per cent of incidents were designed to gain access to customer payment details and  personal data (where access credential are a major focus) Interestingly, as two-factor authorisation and other security apps and systems come into increasing usage in shops and sores, criminals are moving away from attacks on Point of Sale devices and systems and turning their malign intent to web-based applications where security can still leave a lot to be desired.

Finance and insurance institutions have sophisticated security regimes in place, but, as we all know from various news stories and systems outages, when they are breached the results can be horrendous and long lasting, so banks and insurance companies spend a lot of time and money constantly checking to ensure the security of their systems but nonetheless can still fall victim to incursions. What's more, 30 per cent of the breaches reported to Verizon Business were a direct result of the move to online services as web application attacks were instigated via stolen credentials to gain access to cloud-based data. 

The report also takes in regional trends and shows that, in the US, 91 per cent of incursions were financially motivated and were effected via stolen credentials acquired either by hack attacks, phishing or pretexting. The financially-motivated incursion rate drops to 70 per cent in Europe and EMEA and to 63 per cent in the Asia Pacific region. In Europe and EMEA Denial of Service attacks top the bill and account for 80 per cent of malware incursions. Some 40 per cent of the breaches were in web applications that had been hacked with stolen credentials or via "known vulnerabilities". About 14 per cent were cyber-espionage attacks. In Asia Pacific, 63 per cent of attacks were to steal money or gain financial advantage and 28 per cent were phishing based.

The lead author of the report, Alex Pinto commented, "Security headlines often talk about spying, or grudge attacks, as a key driver for cyber-crime - our data shows that is not the case. Financial gain continues to drive organised crime to exploit system vulnerabilities or human error. The good news is that there is a lot that organisations can do to protect themselves, including the ability to track common patterns within cyber-attack journeys - a security game changer - that puts control back into the hands of organisations around the globe."

This refers to common and repeated patterns that are seen in cyber attacks which, if quickly investigated and analysed, can enable an organisation suffering an incursion to work out specifically where an attack is being targeted and by what access methodology, be that malware, denial of service, captured credentials etc. Such pattern analysis permits companies and organisations to gain a "Defender's Advantage" which can stop attacks almost as soon as they begin. 

The 2020 Data Breach Investigations Report from Verizon Business analysed input provided by 81 contributors from 81 countries all over the world covering 16 business sectors. It collated and deconstructed the details of 32,002 security alarms of which 3950 were confirmed as malicious attacks that breached the defences of businesses and organisations. The 2020 total is 1937 up on the figure for 2019, that's getting on for double what it was a year ago and is an augury that worse may very well be yet to come.