DBIR Report 2022 - Professional Services Data Breaches Business
Date: 2025-01-01

3,566 incidents, 681 with confirmed data disclosure

System Intrusion, Basic Web Application Attacks, and Social Engineering represent 89% of breaches

External (84%), Internal (17%), Multiple (1%) (breaches)

Financial (90%), Espionage (10%) (breaches)

Credentials (56%), Personal (48%), Other (26%), Internal (14%) (breaches)

Security Awareness and Skills Training (CSC 14), Access Control Management (CSC 6), Secure Configuration of Enterprise Assets and Software (CSC 4)

The top three attack patterns remain System Intrusion, Basic Web Application Attacks and Social Engineering, but they have changed order compared to last year's report.

Denial of Service attacks are a serious problem in this industry, and while they rarely result in a data breach, they can still have significant impact. The System Intrusion attack pattern is in the first position again this year, while Social attacks are less prominent, but still in the top three.

[Figure: 5-year difference, 3-year difference and difference with peers]

As a NAICS code with the name of Professional, Scientific and Technical Services might imply, this sector relies on its internet presence to provide its highly skilled offerings to its customers. This means that when these organizations are hit with a DoS attack, particularly the higher-volume distributed varieties, they definitely feel the impact. This past year has been a hard one for this sector, with DoS attacks accounting for almost half of the incidents recorded. And even though this type of attack rarely leads to a reportable data breach, it can still do significant damage to the victim.

Moving to breaches, the System Intrusion pattern remained at the top of our pyramid, while Basic Web Application Attacks and Social Engineering switched places. So the same players remain on the field; they are simply playing different positions.
The perpetrators of these top three attack patterns tend to be External. Internal actor breaches were down this year compared to last year's report. Surprisingly, we saw a small uptick in multiple-actor breaches in this sector this year. These occur when an external actor recruits an internal or partner actor to help with the breach activities. Sometimes the recruited actors are paid for their troubles, and sometimes it is a more subtle form of influence, with an acquaintance or significant other exerting pressure on the person with access to the data. Either way, the result is a breach that can be more difficult to detect, since someone on the inside is facilitating the access under the guise of conducting their regular duties.

Looking back over the years in this sector, the Miscellaneous Errors pattern was in the top three. However, as Figure 99 shows, in 2019 the System Intrusion pattern began its meteoric rise to the top, eventually far surpassing Errors. This sector mirrors the overall dataset in terms of the top attack patterns. The top three here are the top three patterns in the full dataset, so clearly these patterns are holding sway in a number of business categories.