- 2020 DBIR
- DBIR Cheat sheet
- Summary of findings
- Results and analysis
- Incident classification patterns and subsets
- Industry analysis
- Does size matter? A deep dive into SMB Breaches
- Regional analysis
- CIS Control recommendations
- Year in review
- Appendices (PDF)
- Download the full report (PDF)
Even though there are a relatively small number of incidents and breaches recorded in the region, the results clearly show consistency with the global dataset. Denial of Service attacks are seen with a higher intensity than expected, and ransomware incidents are a serious problem.
87 incidents, 14 with confirmed data disclosure
Denial of Service, Crimeware and Web Applications represent 91% of incidents
External (93%), Internal (7%), Partner (1%), Multiple (1%) (incidents)
Financial (52%-87%), Espionage/Ideology (2%-27% each), Fun/Grudge (0%-15% each), Convenience/Fear/Other/Secondary (0%-8% each) (incidents)
Credentials, Personal, Internal, Secrets and System (incidents)
Data Analysis Notes
Actor motives are represented by percentage ranges, as only 24 incidents had a known motive.
It’s the law—or not
Before we begin, it is important to point out that not all of the countries in this region have a legal requirement to notify of a data breach either to the government or to those affected, with the notable exceptions of Mexico, Brazil (whose data protection law is only effective since February 2020) and Colombia (where only the government is required to be notified). As such, we can surely expect a significant under-reporting of incidents and breaches in the region. It should be interesting to see if, as in other areas of the world where new disclosure laws are passed, the reporting ramps up and we find that it was just the tip of the iceberg being reported before. Hopefully we can entice new contributors in this region to increase the quality of our data. (Is this you? Let’s talk.)
All things considered, we see a clear mirroring of the data we have available for the region in the global dataset. The majority of actors in all incidents are External, with the 93% in the region being very similar to the 92% of the entire dataset. Likewise, 52% to 87% of incidents were financially motivated in this region, while 64% were so motivated in the global data.
The top patterns for incidents are also consistent with the larger dataset, with Denial of Service representing between 50% to 70%, while Crimeware, Web Applications and Everything Else are tightly grouped with each other (Figure 132). Crimeware is largely made up of incidents involving Ransomware, which have a very strong showing in the region in relation to other action varieties.
For all those similarities, this region had the largest median bits per second (BPS) by far—with 9 Gbps in this region where the global median was just a little over 500 Mbps (Figure 133). This higher intensity is in line with what one would expect from Denial of Service attacks against Financial organizations, which were over-represented in our DDoS data in the region.
One of the things that has been reinforced in analyzing the data across the different regions is that regardless of whether a specific country is represented in the dataset from year to year, all countries are seeing similar types of attacks. Time and again we see that the adversaries are not adjusting their tactics based on the geographic location of their victims. They adjust their attacks based on what the need to do to gain access. So, while we have seen some differences across the regions, we are consistently finding that the kinds of attacks are common to all.