Verizon’s 2021 DBIR: Key Findings and Insights
Threats are increasing, but you can defend yourself against them. To do so, you need to know what threats will knock on your door, what kind of impact they can cause, and how to defend against them.
Today, I will summarize some key findings from Verizon’s comprehensive 2021 Data Breach Investigation Report (DBIR). Verizon analyzed 79,635 security incidents, which resulted in 5,258 confirmed data breaches (up from 3,950 in the 2020 edition).
This report is a substantial annual project, and Verizon did not do it alone. 83 different security organizations contributed — including Atos. In the coming days, my colleagues will publish industry-wise thoughts and analyses.
To begin, let’s dig into two of the most critical sections of Verizon’s 2021 report.
The first covers how much damage threats are causing today and why it’s critical to establish defenses against them proactively. The second outlines the eight most common threats you will face — and have to defend against — over the coming year.
Worse than you think: The impact of today’s biggest threats
Verizon’s report attaches some real numbers to the average cost of a modern security breach, providing a range of reported costs and financial losses associated with the different types of damage a breach can cause. By reviewing these numbers and adding them together, you can begin to define exactly how much an incident might cost.
Please note that Verizon used data reported by individuals and organizations of every size, resulting in a wide range of possible losses. When considering your potential losses, take your organization’s size into account.
Direct financial losses | Breaches (business email compromise and computer data breaches) caused a direct loss of anywhere between $250 – $1.6 million. Median loss: $30,000 |
Digital forensics and incident response (DFIR) costs | These costs ranged between $2,400 – $336,500. Median loss: $18,000 |
Legal costs | These costs ranged between $800 – $54,000 |
Impact on stock price | After a breach, organizations experience a devaluation of 5% |
Verizon’s report runs some rough calculations and determines that 95% of breaches will create a total impact ranging from $826 – $653,587, with the most significant breaches causing a multi-million-dollar impact.
Bottom line: While the total impact on individuals appears to be minor, medium to large organizations can expect to incur tens or hundreds of thousands of dollars in damages for every breach.
Verizon’s report is long and detailed — a must-read for any cybersecurity professional. We have only scratched the surface, so watch this space for more analysis and commentary.
Eight Attacks: Today’s Most Common Threat Patterns
Verizon’s report updated its threat patterns to align with today’s evolving threat landscape. Ultimately, they found that 99.3% of analyzed breaches and 99.6% of investigated incidents were caused by one of the following eight threat patterns:
Social engineering | 3,841 incidents involved social engineering, with most caused by phishing or business email compromise (BEC). Most also involved stolen credentials, and nearly half (1,767) resulted in confirmed data loss. |
Basic web application attacks | 4,862 incidents involved simple threats with direct objectives seeking low-hanging fruit — such as accessing email or web app data or distributing malware — after the initial application compromise. |
System intrusion | A new attack pattern, resulting in 3,710 incidents that involved complex, multi-step attacks. Most (70%) involved malware, and a significant minority (40%) involved hacking, stolen credentials, or brute force attacks. |
Miscellaneous errors | 919 incidents involved unintentional mistakes, such as misconfigured database assets or employees sending data to the wrong recipient. The majority (896) of these incidents resulted in confirmed data loss. |
Privilege misuse | 265 incidents involved privilege abuse by financially motivated internal actors performing fraud, with 222 of these incidents resulting in confirmed data loss. Most often, personal information was stolen. |
Lost and stolen assets | 1,295 incidents involved lost or stolen devices, with 57% of incidents involving missing desktops or laptops. However, the report notes that 2020 was a non-representative year for these incidents due to work-from-home. |
Denial of service | 14,335 incidents involved attackers compromising network and system availability. While preventable, DDoS attacks were unpredictable and followed multiple patterns and packet types and sizes. |
Everything else | The remaining 129 incidents involved a grab bag of threat patterns, primarily based around breaches of an organization’s physical security. |
Bottom line: Organizations face a wide range of threats, each of which can result in a breach, a ransom demand, data loss and any number of adverse outcomes. Organizations require an equally wide range of defenses to protect themselves.
Take the Next Step: Defend Against Today’s Threats
Verizon’s report is long and detailed — a must-read for any cybersecurity professional. Our brief blog has only scratched the surface, so watch this space for more analysis and commentary from our cybersecurity experts. However, we want to make two points abundantly clear:
A breach will cost your organization a significant amount of direct or indirect financial loss — justifying the expense of robust, preventative cybersecurity.
There is no single threat pattern to defend against — your cybersecurity investments must span a wide range of services and capabilities.
To learn more and dig into the details, access your copy of Verizon's report.
To discuss the report’s findings and learn how to build effective defenses against today’s threats, contact Atos today for a free, no-obligation consultation with a cybersecurity expert.
By Jose Varghese, Atos Global Domain Head of Security Operations Center(SOC)
Posted on May 14