Verizon recently announced its Data Breach Investigations Report for the year 2020, which covers sixteen different industries and four world regions. A total of 32,002 security incidents were analysed, of which 3,950 were confirmed breaches. According to the findings, 45% of the breaches featured hacking, while only 17% involved malware. As far as targets are concerned, 72% of the victims were large businesses.

Web applications were involved in 43% of the breaches, and two major attacks were associated with them. The first involved hacking via stolen credentials, targeting assets such as outward-facing mail servers and business-related applications. The second involved exploits against web-facing applications, aiming to gain access to the system and compromise its confidentiality, integrity and availability. Furthermore, credentials were stolen or used in 37% of the breaches, and phishing was employed in 22% of them. According to the findings, the vast majority of the breaches (86% of the total) were financially motivated, something that is both interesting and alarming.

A major data breach has a significant impact on an organisation and on anyone associated with it. Regardless of size, all organisations should adopt centralised monitoring mechanisms so that they can take immediate action and mitigate the threats posed.

Alexandros Papanikolaou

InnoSec, Greece