Northern America (NA)

Summary

North American organizations suffered greatly from financially motivated attacks against their web application infrastructure this year. Hacking via the use of stolen credentials was most commonly seen, with social engineering attacks that encourage the sharing of those credentials following suit. Employee error was also routinely observed in our dataset. 
 

Frequency 

18,648 incidents, 920 with confirmed data disclosure 

Top Patterns 

Everything Else, Web Applications and Miscellaneous Errors represent 72% of all data breaches in Northern America.

Threat Actors

External (66%), Internal (31%) Partner (5%), Multiple (1%) (breaches)

Actor Motives

Financial (91%), Espionage (5%), Grudge (3%) (breaches)

Data Compromised 

Personal (43%), Credentials (43%), Other (35%), Internal (21%) (breaches)

The region designated as Northern America consists of the United States and Canada, as well as some outlying islands such as Bermuda.

There are a couple of factors that need to be kept in mind when looking at the findings below. First of all, this region accounts for 69% of all incidents and 55% of all breaches in our dataset this year. That does not mean that good security practice has disappeared into the Bermuda Triangle, though. Northern America has arguably some of the most robust data reporting standards⁴⁶ in existence, particularly in Healthcare and Public administration. Therefore, the number of incidents and breaches are likely to be higher than in areas with less stringent disclosure requirements. Also, it must be admitted that while this report is becomingly increasingly global in scope, many of our contributors are located in and are primarily concerned with Northern American organizations. As a result of these factors, outcomes for the North American region are not too dissimilar from the findings for the overall dataset. Nevertheless, there are a few interesting differences and highlights worthy of discussion.

Phish and whistle, whistle and phish⁴⁷

Everything Else is the top pattern for this region (Figure 117). That is due in large part to the number of financially motivated phishing attacks that we see across so many industries (Figure 118). In the past, we have observed that security awareness training can help limit the frequency and/or impact of phishing attacks. However, in some instances this training appears to be either not carried out at all, or delivered in an insufficient or inadequate manner. Whatever the reason, telling employees not to click phishing emails can be as effective as yelling “ear muffs” when you don’t want your child to hear something unpleasant.

See - this is why we can’t have anything nice

You don’t need external actors to harm your organization as long as your employees are willing to do their work for them. The number of internal actors is somewhat high (30%) this year for this region and for the dataset as a whole (Figure 121). This is explained by the prevalence of Error and Privilege Misuse actions. Both are caused by internal actors and both can be very damaging to an organization, but while error is unintentional, misuse can be (and often is) malicious in nature. 
 

Let’s take a quick look at the Error actions. As you can see in Figure 122, the vast majority of all error-related breaches are caused by Misdelivery (sending data to the incorrect recipient) and Misconfiguration (i.e, forgetting to secure to a storage bucket). For whatever reason, these Error types seem to be the peanut-butter-and-jelly sandwich of the breach world this year. Perhaps Internal actors are simply too busy trying to perfect their Renegade dance on TikTok these days; we do not know for sure. Whatever the reason, these errors are found in every industry and region, and in alarmingly large percentages. As mentioned elsewhere in this report, the vector for these errors is almost entirely carelessness on the part of the employee. 

Turning our attention to Misuse, we see a proliferation of Privilege abuse (56%). This is using legitimate access for an illegitimate purpose. Somewhat farther down the ladder, we see approximately equal percentages of Data mishandling and Possession abuse (Figure 123). No matter how you view it, this region would benefit from increased controls for Internal actors.