Cybercrime thrives during pandemic: Verizon

Increase in phishing and ransomware attacks along with continued surge in web application attacks pose security risk, shows Data Breach Investigations Report 2021

Hyderabad: Cyber threats are on the rise and the pandemic has triggered even more incidents. Phishing and ransomware attacks increased by 11 per cent and six per cent respectively, with instances of misrepresentation increasing by 15 times between November 2019 and October 2020, compared to last year. Almost 61 per cent of breaches involved credential data, according to the latest and 14th edition of Data Breach Investigations Report 2021 of Verizon Business Group.

The Government of Telangana, ITE&C Department and Hyderabad Security Cluster have also contributed insights for this report. The latest edition shows 5,258 breaches from 83 contributors worldwide, reporting a one-third jump in breaches year-on-year.

Verizon analysed 79,635 incidents in total, sampled from 88 countries. The regions covered under the study include — Asia Pacific (APAC) comprising Southern Asia, South-eastern Asia, Central Asia and Eastern Asia; EMEA region comprising Europe, Middle East and Africa; and North America comprising the US and Canada.

Prashant Gupta, Head of solutions, South East Asia & India, Verizon Business Group, told Telangana Today, “Owing to the pandemic, healthcare and pharma industry were targeted at intellectual property in order to make money out of it. Two Indian pharma companies were attacked. We also saw internet of things (IoT)-enabled devices being targeted, be it used for remote medicine or surgery. E-commerce sector was also impacted as online orders went up multi-fold during the pandemic.”

“Industry broadly is spending money on zero test provisioning models. Covid has been a catalyst for digital transformation. The investments, which were to happen in the future years, are being invested immediately for securing delivery applications/systems,” Gupta added.

Sharing further perspectives, Anshuman Sharma, principal consultant, Investigation Response, Verizon and the co-author of the report, said, “We reviewed a total of 11 industries and three world regions, the behaviours, patterns, challenges, and areas of improvement for enterprises to strengthen and brace themselves from the impact of Covid-19 on data security.”

Core threats

Sharma noted, business email compromise (BEC) breaches have doubled. Phishing and use of stolen credentials have emerged as the top breaches. Phishing attacks have remained in the region of 25 per cent of overall breaches. And 85 percent of breaches involved a human element while loss of personal and medical data were the major types of data losses one has witnessed.

In terms of economic loss, 95 per cent of business email compromises fell between $250 and $985,000 dollars with $30,000 being the median. In the case of computer data breaches, 95 per cent of them fell between $148 and $1.6 million, with a median loss of $30,000. Finally, for ransomware the median amount lost was $11,150, and the range of losses in 95 per cent of the cases fell between $70 and $1.2 million. Insurance and legal costs were additional costs incurred due to these breaches, added Sharma.

Sector outlook

Industry-wise, education, entertainment, finance, public administration, healthcare, IT, manufacturing, mining and retail were some of the major sectors that saw security incidents and breaches. In the small and medium business segment, there were 1,037 incidents, of which 263 were confirmed data disclosure.

In financial and insurance sectors, 83 per cent of data compromised in breaches was personal, while in professional, scientific and technical services only 49 per cent was personal. Mis-delivery represented 55 per cent of financial sector errors.

Sharma added, basic human error continues to affect the healthcare industry. The most common error continues to be mis-delivery (36 per cent), whether electronic or of paper documents. On the other hand, the retail industry continues to be a target for financially motivated criminals looking to cash in on the combination of payment cards and personal information. All this is leading the industry to spend more money on endpoint protection solutions and threat intelligence.

---

Now you can get handpicked stories from Telangana Today on Telegram everyday. Click the link to subscribe.

Click to follow Telangana Today Facebook page and Twitter .

---