Verizon's latest security report calls out the need for organizations to do a better job of securing their data on cloud repositories. According to the Verizon Business 2020 Data Breach Investigations Report (DBIR), the increased amount of workloads that have moved from on premise to the cloud has led to more cloud-based attacks.
The most common method to attack web applications in order to gain access to sensitive information is stolen credentials at more than 80% while exploiting vulnerabilities was less than 20%. The latest DBIR report, which was first issued in 2008, covers a period from November in 2018 to October of last year.
"We saw that web app attacks doubled over last year, and while 80% of those are the attacks that are perpetrated using credentials, 20% are using exploits," said Gabe Bassett, a co-author of the report and senior information security data scientist at Verizon Enterprise Solutions. "And those exploits are predominantly known vulnerabilities like things that have been patched that we know about. So organizations have to keep up with those patches, and we're not talking about keeping up in the last week, we're talking about keeping up over the last year."
While misconfiguration errors were up in the latest report, Bassett said that was more to do with enterprises doing a better job of reporting them.
Small and medium-sized businesses (SMBs) that are using cloud and web-based applications and tools are prime targets for cyber attackers. Bassett said some SMBs consider themselves too small to warrant a focused attack, but they are vulnerable to scattershot attacks that target a wide range of businesses.
Phishing is the biggest threat for SMBs, accounting for more than 30% of the breaches. Stolen credentials led to 27% of the breaches while password "dumpers," which is when a site's security has been exposed and the contents of the web site are dumped on the web, accounted for 16%. Over 20% of the attacks were against web applications and involved the use of stolen credentials.
While SMBs may feel as though they can fly under the radar when it comes to cyberattacks, Bassett said they need the same security measures in place that enterprises employ. Because SMBs typically don't have the IT resources in place, Bassett said they should consider working with a managed security services provider.
Overall, 86% of the breaches that were investigated were financially driven. The majority of breaches continued to be conducted by external actors (70%) with organized crime accounting for 55% of the attacks.
Ransomware also saw a slight increase as it was found in 27% of the malware incidents compared to 24% in the previous report. Overall, 18% of the organizations reported blocking at least one piece of ransomware last year.
With millions of employees working from home during the coronavirus pandemic, Bassett said home-based users needed to have the same security measures in place as when they are working in their office locations.
"How do we get collaboration software, video chat, and VPN services working for employees that are working remotely?" Bassett said, of the work from home to-do list. "But after that, organizations need to start thinking about their security services because that asset moved outside of the security perimeter. It's important to try to quickly as possible get patches deployed, get web proxies, and email proxies functioning when the computer or laptop is not within the boundary.
"They need to make sure to have security at the endpoint because now these systems are no longer protected. They are now exposed to what I call the internet background radiation, which are those attacks that just occur continuously on the internet."
Verizon's DBIR report is based on 81 contributing organizations in 81 countries. Verizon analyzed 157,525 incidents. Of those, 32,002 met quality standards and 3,950 were confirmed data breaches.