-
Frequency
215 incidents, 96 with confirmed data disclosure
Top patterns
Basic Web Application Attacks, System Intrusion, and Miscellaneous Errors represent 80% of breaches
Threat actors
External (74%), Internal (26%) (breaches)
Actor motives
Financial (97%), Grudge (3%) (breaches)
Data compromised
Personal (66%), Credentials (49%), Other (23%), Medical (15%) (breaches)
Top IG1 protective controls
Security Awareness and Skills Training (CSC 14), Secure Configuration of Enterprise Assets and Software (CSC 4), Access Control Management (CSC 6)
What is the same?
The Patterns are the same, but the order is not. Medical data continues to be compromised in this industry.
Summary
The System Intrusion and Basic Web Application Attacks patterns exchanged positions, but the Miscellaneous Errors pattern held on to 3rd place on the podium. For incidents, Denial of Service attacks remain a problem in the sector, particularly for the Gambling industry.
Arts, Entertainment and Recreation
NAICS 71
- 2022 DBIR
- Master Guide
- Introduction
- Summary of Findings
- Results and Analysis Intro
- Results and Analysis - Intro to Patterns
- Results and Analysis - Not the Human Element
- Results and Analysis - Basic Web Application Attacks
- Industries
- Intro to Industries
- Accommodation and Food Services Data Breaches
- Arts and Entertainment Data Breaches
- Data Breaches in Education
- Financial Services Data Security Breaches
- Healthcare Data Breaches
- Information Industry Data Breaches
- Data Breaches in Manufacturing Industries
- Data Breaches in Energy & Utilities Industries
- Professional Services Data Breaches
- Public Administration Data Breaches
- Retail Data Breaches and Security
- Small Business Data Breach Statistics
- Intro to Regions
- Wrap Up
- Appendices
- Corrections
- Download the full report (PDF)
Please provide the information below to view the online Verizon Data Breach Investigations Report.
Thank You.
Thank you.
You will soon receive an email with a link to confirm your access, or follow the link below.
Thank you.
You may now close this message and continue to your article.
-
Patterns
5-Year difference
3-Year difference
Basic Web Application Attacks
No change
No change
System Intrusion
No change
No change
Miscellaneous Errors
No change
No change
-
Pattern
Difference with peers
Basic Web Application Attacks
No change
System Intrusion
Less
Miscellaneous Errors
Greater
-
This industry mainly covers live performances, and whether dance, theater or sporting events, the common thread is that none are pre-recorded for later broadcast. It also includes the gambling industry. One can only imagine the different attack surfaces that are present for the myriad organization types belonging to this NAICS code. Something many of them have in common, however, is that at least a portion of their infrastructure relies on the internet to perform critical functions, whether that is ticket sales or taking orders (or bets as the case may be). In any event, when a Denial of Service attack comes calling, it is a very unwelcome guest. Nevertheless, it is a frequent guest in this sector (particularly in the Gaming organizations in the APAC region), and represents over 20% of incidents.
With regard to breaches, the three patterns listed in the At-a-Glance table show the vulnerability of the infrastructure beyond disruption of services. Once the attackers get in, they can wreak havoc in earnest. These attackers are largely External actors, with a Financial motive, although there are a small amount of Grudge-motivated attacks in this sector as well.
The inclusion of the Basic Web Application Attacks is concerning, given the less complex nature of these attacks. Conversely, the attackers have to try much harder to gain their prize in the System Intrusion attacks, where ransomware is always a favored tool. As we have seen in the past, every attacker loves credentials, and will use them to masquerade as a legitimate employee to evade capture for as long as it takes to get what they are after.
The most commonly taken data is Personal information (although it is down from a high last year of 83%) and Credentials. Oddly enough, Medical data is still being snarfed up (technical term) in 15% of the breaches in this sector. This was similar to last year (at 26%), but it remains a puzzling data type to find in a sector that has no medical affiliation. It may be that the data taken is from companies that are self-insured for their employee medical needs, and so have a need to store that kind of data, or it could possibly be from some form for Workers Compensation data (on the job injuries). Additionally, this NAICS code includes sports teams which could account for a certain number of stolen medical records. Regardless, it is a rather counterintuitive finding
Miscellaneous Errors remain in the top three patterns again this year (25%). The Misconfiguration error was the most common, representing approximately 15% of the breaches. In addition to blunders with servers, it seems like this industry still has issues with sending emails to the wrong recipients.
Let's get started.
Choose your country to view contact details.
- Select Country...
- United States
- Argentina
- Australia
- Austria
- Belgium
- Brazil
- Canada
- Chile
- China
- Colombia
- Costa Rica
- Denmark
- Finland
- France
- Germany
- Hong Kong
- India
- Ireland
- Italy
- Japan
- Korea
- Luxembourg
- Mexico
- Netherlands
- New Zealand
- Norway
- Panama
- Portugal
- Singapore
- Spain
- Sweden
- Switzerland
- Taiwan
- United Kingdom
- United States
- Venezuela
-
Call for Sales.
Or we'll call you.
Existing customers, sign in to your business account or explore other support options.