-
Summary
Web App attacks via vulnerability exploits and the Use of stolen credentials are prevalent in this industry. Errors continue to be a significant factor and are primarily made up of the Misconfiguration of cloud databases. Growth in Denial of Service attacks also remains a problem for the Information sector.
Frequency
5,741 incidents, 360 with confirmed data disclosure
Top Patterns
Web Applications, Miscellaneous Errors and Everything Else represent 88% of data breaches.
Threat Actors
External (67%), Internal (34%), Multiple (2%), Partner (1%) (breaches)
Actor Motives
Financial (88%), Espionage (7%), Fun (2%), Grudge (2%), Other (1%) (breaches)
Data Compromised
Personal (69%), Credentials (41%), Other (34%), Internal (16%) (breaches)
Top Controls
Secure Configurations (CSC 5, CSC 11), Continuous Vulnerability Management (CSC 3), Implement a Security Awareness and Training Program (CSC 17)
Come one, come all!
Welcome to the Information industry portion of the DBIR, and boy are you in for a treat! This section has it all: Web Applications attacks, errors, phishing and even some malware. The main three patterns witnessed in the NAICS 51 sector for 2019 were Web Application with over 40% of breaches, followed by Miscellaneous Errors, and at a distant third, Everything Else (Figure 72).
- 2020 DBIR
- DBIR Cheat sheet
- Introduction
- Summary of findings
- Results and analysis
- Incident classification patterns and subsets
- Industry analysis
- Accommodation and Food Services
- Arts, Entertainment and Recreation
- Construction
- Educational Services
- Financial and Insurance
- Healthcare
- Information
- Manufacturing
- Mining, Quarrying, Oil & Gas Extraction + Utilities
- Other Services
- Professional, Scientific and Technical Services
- Public Administration
- Real Estate and Rental and Leasing
- Retail
- Transportation and Warehousing
- Does size matter? A deep dive into SMB Breaches
- Regional analysis
- Wrap-up
- CIS Control recommendations
- Year in review
- Appendices (PDF)
- Corrections
- Download the full report (PDF)
-
Since 2019, Web Application attacks have increased significantly, both in terms of percentage and raw number of incidents. This is one that organizations in this industry should keep an eye out for, as adversaries are dividing their effort equally between utilizing web exploits and stolen credentials to gain access to your web applications. Considering this vertical has a high dependence on external services and the internet, one shouldn’t be too shocked to learn that this industry has a higher percentage of web application exploitations than other industries. However, based on our non-incident data, Information also has one of the highest percentages of vulnerability patching completed on time (Figure 73).
-
An anthem to errors
Errors are everywhere and the technical wizards that run our information infrastructure are not immune. This is why Errors are the second most common type of breach, maintaining relatively similar levels to previous years (this is not an area where consistency is a good thing). Misconfigurations are by far the most common type of errors, and largely relate to databases or file storages not being secured and directly exposed on a cloud service. These are the types of incidents that you hear security researchers discovering through simple trawling of the internet to see what’s exposed. The optimist in us hopes that as these new technologies become more commonly used, people will stop (or at least slow down) making these types of mistakes. On the other hand, the realist in us wouldn’t put any money on it.
You, sir, are a phish
Technical issues are not the only thing impacting this technology-based sector. Organizations in this vertical have fallen prey to the same type of social engineering attacks that affect everyone else. Most of these attacks fall into our Everything Else pattern and account for 16% of the breaches we saw in 2019. In terms of social attacks, there is a relatively even split between phishing and pretexting (the bad guy just asks for information via email or uses some existing conversation in order to make a more convincing request). One of the common techniques we’ve seen is the use of typo-squatted domains of partners that are used to send existing email threads or request an update to a bank account.
Fast speeds and full bandwidths
Big interweb pipes are a key part of this industry since consumers demand that videos load fast and website content gets updated at the speed of an unladen European swallow. Unfortunately, cybercriminals know how important that is, and have been persistently targeting this industry with DoS attacks to disrupt their services and capabilities. The 2019 data showed continued growth in terms of the percentage of DDoS incidents (Figure 74). Not only does this industry get targeted more than a red barrel in a first-person shooter, they’re also facing attacks with the second highest median BPS—meaning these attacks tend to pack a punch. Unfortunately for many companies, these attacks often need a helping hand to mitigate, so it helps to have a Player 2 in your corner.
