The combination of the System Intrusion and Social Engineering patterns account for the majority of cases in this sector. The Use of stolen credentials is widespread, and employees have a definite tendency to fall for Social tactics.
1,892 Incidents, 630 with confirmed data disclosure
System Intrusion, Social Engineering and Basic Web Application Attacks represent 81% of breaches
External (73%), Internal (26%) (breaches)
Financial (97%), Espionage (2%), Grudge (1%) (breaches)
Credentials (63%), Personal (49%), Other (21%), Bank (9%) (breaches)
Top IG1 Protective Controls
Security Awareness and Skills Training (14), Access Control Management (6), Secure Configuration of Enterprise Assets and Software (4)
Professional, Scientific and Technical Services
- 2021 DBIR
- DBIR Master's Guide
- Results and Analysis
- Incident Classification Patterns
- Data Breach Statistics By Industry
- Accommodation Food Services
- Entertainment Data Breaches
- Educational Services Data Breaches
- Financial Services Data Breaches
- Healthcare Data Breaches Security
- Information Industry Data Breaches
- Manufacturing Data Breaches
- Energy Utilities Data Breaches
- Professional Technical Scientific Services
- Public Administration Data Breaches
- Retail Data Breaches Security
- SMB Data Breaches Deep Dive
- Introduction by Regions
- Year in Review 2021
- 2021 DBIR Corrections
- Download the full report (PDF)
If Professional Services is your sector, you know that it is at best an eclectic NAICS code, with members that have wildly different footprints in terms of attack surfaces. One thing they seem to have in common is their reliance on internet connected infrastructure, and the risk inherent in that architecture. The System Intrusion and Social Engineering patterns competing the top slots illustrates not only the vulnerability of that infrastructure, but also of the employees of these organizations (Figure 113).
The actors behind the System Intrusion pattern have some powerful tools at their disposal to gain access to their targets. Some of these cases began with the Use of stolen credentials or Exploiting a vulnerability, and ended with Malware being dropped on their victims. Frequently that malware was Ransomware, leading to extortion demands and downtime. The overall rise of Ransomware is something we’ve talked about in prior DBIRs, and the trend shows no signs of slowing. The growing tactic of the adversaries taking a copy of the data as a prod to help encourage their victims to pay up (which we saw begin just after the data collection period had ended for last year’s report) has become increasingly popular as well. Thus we see a rise of Ransomware cases where there is also a confirmed data breach, as these actors post copies of their victim’s data on the internet.
Combine this with the Social Engineering pattern, and you have to worry about not only your infrastructure, but your people’s ability to withstand Social tactics as well. Phishing was the leading Social action, but we also saw a good representation of Pretexting via email (Figure 114).
Phishing was the leading Social action, but we also saw a good representation of Pretexting via email
When you have the use of an invented scenario, the follow-on action is frequently an attempt to get money. This shows up in our data as a Fraudulent transaction and is represented along with the Integrity violation of Alter behavior when someone falls for the Social action (Figure 115).
Let's get started.
Choose your country to view contact details.
- Select Country...
- Costa Rica
- Hong Kong
- New Zealand
- United Kingdom
- United States
Call for Sales.
Or we'll call you.