• Summary

    This industry struggles with credential-stealing botnets. Errors are also very common, with Misconfiguration leading the way. From an incident perspective, DoS attacks accounted for the vast majority of attacks.


    2,935 incidents, 381 with confirmed data disclosure

    Top Patterns

    Basic Web Application Attacks, Miscellaneous Errors, and System Intrusion represent 83% of breaches

    Threat Actors

    External (66%), Internal (37%), Multiple (4%), Partner (1%) (breaches)

    Actor Motives

    Financial (88%), Espionage (9%), Grudge (2%), Convenience (1%), Fun (1%) (breaches)

    Data compromised

    Personal (70%), Credentials (32%), Other (27%), Internal (12%) (breaches)

    Top IG1 Protective Controls

    Security Awareness and Skills Training (14), Secure Configuration of Enterprise Assets and Software (4), Access Control Management (6)

  • Errors and accidents, depending on your world view, are either natural occurrences of complex systems or the fault of an intern who overcame your organization’s robust and well-crafted safeguards. Regardless of your opinions on errors, they certainly are not uncommon in the Information sector. The pattern of Miscellaneous Errors, along with Basic Web Application Attacks and System Intrusion, accounted for 83% of breaches in this vertical.

    In terms of the types of Errors seen, Misconfigurations accounted for over 70% of all Errors in this industry (Figure 106). This was followed by a three-way tie of Misdeliveries, Programming and Publishing Errors. With this combination, it shouldn’t be a surprise that System Engineers (or are they called DevOps 24/7 Super Engineers?) had a strong showing in terms of the Internal actors responsible for those breaches. While the overall percentage of Error breaches hasn’t increased over the last few years, it remains a persistent issue facing organizations in this sector.

  • When organizations discover that something unpleasant has occurred, External actors typically delivered the news (Figure 107). We found that 50% of the breaches were disclosed by the bad actor themselves, which sounds helpful of them, but really isn’t. This is usually done either when a ransom note politely informs you that you’re going to have a really bad day, or when actors openly share or sell your data on forums that are monitored by researchers and advisories alike—who then make the notification. Speaking of Security researchers, they accounted for 30% of these data breach discoveries. 

    If we look at only incidents, we find that this industry tends to be bombarded with DoS attacks, a trend that has been occurring ever since computers were networked, or at least since we’ve been doing this report (Figure 108). Of the incidents, DoS alone accounts for over 90% of the Hacking actions we observed, with the rest being credential-based attacks such as Brute forcing or the Use of stolen credentials. 

    We identified another interesting finding in the Information industry when we analyzed botnet-related breaches. This year, the number of credential-stealing botnet breaches targeting Information organizations overtook the Finance sector (Figure 109). Data is really the new oil, it seems.
