Professional, Scientific and Technical Services

  • Summary

    The combination of the System Intrusion and Social Engineering patterns account for the majority of cases in this sector. The Use of stolen credentials is widespread, and employees have a definite tendency to fall for Social tactics.


    1,892 Incidents, 630 with confirmed data disclosure

    Top Patterns

    System Intrusion, Social Engineering and Basic Web Application Attacks represent 81% of breaches

    Threat Actors

    External (73%), Internal (26%) (breaches)

    Actor Motives

    Financial (97%), Espionage (2%), Grudge (1%) (breaches)

    Data compromised

    Credentials (63%), Personal (49%), Other (21%), Bank (9%) (breaches)

    Top IG1 Protective Controls

    Security Awareness and Skills Training (14), Access Control Management (6), Secure Configuration of Enterprise Assets and Software (4)

  • If Professional Services is your sector, you know that it is at best an eclectic NAICS code, with members that have wildly different footprints in terms of attack surfaces. One thing they seem to have in common is their reliance on internet connected infrastructure, and the risk inherent in that architecture. The System Intrusion and Social Engineering patterns competing the top slots illustrates not only the vulnerability of that infrastructure, but also of the employees of these organizations (Figure 113). 

    The actors behind the System Intrusion pattern have some powerful tools at their disposal to gain access to their targets. Some of these cases began with the Use of stolen credentials or Exploiting a vulnerability, and ended with Malware being dropped on their victims. Frequently that malware was Ransomware, leading to extortion demands and downtime. The overall rise of Ransomware is something we’ve talked about in prior DBIRs, and the trend shows no signs of slowing. The growing tactic of the adversaries taking a copy of the data as a prod to help encourage their victims to pay up (which we saw begin just after the data collection period had ended for last year’s report) has become increasingly popular as well. Thus we see a rise of Ransomware cases where there is also a confirmed data breach, as these actors post copies of their victim’s data on the internet.

  • Figure 113
  • Combine this with the Social Engineering pattern, and you have to worry about not only your infrastructure, but your people’s ability to withstand Social tactics as well. Phishing was the leading Social action, but we also saw a good representation of Pretexting via email (Figure 114). 

  • Phishing was the leading Social action, but we also saw a good representation of Pretexting via email

    When you have the use of an invented scenario, the follow-on action is frequently an attempt to get money. This shows up in our data as a Fraudulent transaction and is represented along with the Integrity violation of Alter behavior when someone falls for the Social action (Figure 115).

  • Figure 114
  • Figure 115

Let's get started.