Summary
Financially motivated attackers continue to steal credentials and leverage them against web application infrastructure. Social engineering in the form of phishing and pretexting is a common tactic used to gain access. This industry also suffers from Denial of Service attacks regularly.
Frequency
7,463 incidents, 326 with confirmed data disclosure
Top Patterns
Web Applications, Everything Else, and Miscellaneous Errors represent 79% of breaches
Threat Actor
External (75%), Internal (22%), Partner (3%), Multiple (1%) (breaches)
Actor Motives
Financial (93%), Espionage (8%), Ideology (1%) (breaches)
Data Compromised
Personal (75%), Credentials (45%), Other (32%), Internal (27%) (breaches)
Top Controls
Secure Configuration (CSC 5, CSC 11), Implement a Security Awareness and Training Program (CSC 17), Boundary Defense (CSC 12)
This industry is made up of a wide range of companies primarily offering service directly to customers. They range from lawyers, accountants and architects to research labs and consulting firms. They share some common traits: their Internet presence is very important to the livelihood of the organization, and their employees are human and make mistakes.

We mentioned the importance of their Internet presence to the members of this industry. This is why the Web Application attack pattern was seen so frequently this year (Figure 85). These attacks are driven by the use of stolen credentials (frequently obtained in phishing attacks, but which may also be lying around on the web from another company's breach, just waiting for some enterprising hacker to find). These attacks drive the theft of personal data in the sector and, given that there are always people willing to try their luck at using stolen credentials against whatever web infrastructure they encounter, are unlikely to end anytime in the near future.