Verizon's Show-Stopping DBIR 2021 Is A Must Read for Every Cyber Security Professional: Stunning Data Amidst a Surge of Attacks in 2020

By Matthew Vulpis May 25, 2021

Verizon recently released its annual Data Breach Investigations Report (DBIR), which provides valuable insight and analysis into the cybersecurity challenges faced by organizations. This year's report analyzed 29,207 security incidents, with data coming from 83 contributors and victims spanning 88 countries, 12 industries, and three world regions. Of those incidents, 5,258 were confirmed breaches, a 33 percent increase in volume from last year’s report.

The 2020 DBIR found that ransomware continues to be a top cyber-attack, with a six percent increase in attack volume, while phishing cyber threats were also on the rise, with an 11 percent increase. Ransomware is a type of malicious software that restricts or limits users of a targeted organization from accessing their IT systems, while with phishing, attackers persuade and deceive employees in many ways to gain critical access, most commonly via email.

“Over the past years, phishing and ransomware have become the most rampant form of cybercrime and an exponentially increasing threat to organizations,” said Orhan Yildirim, CTO of Ironsphere, a software and privileged access management company, when asked about cyber threats. “The two will often go together, with ransomware being the malware designed for the sole purpose of extorting money from victims, and phishing being the delivery mechanism in order to gain access to a user’s credentials.”

It’s not necessarily a surprise that cyber threats, in general, were on the rise this past year, as the global pandemic forced people to work from home, putting more people on the internet at once than ever before. However, breach data showed that 61 percent of breaches involved credential data, and 95 percent of organizations suffering credential stuffing attacks had between 637 and 3.3 billion malicious login attempts through the year, which can have a devastating effect on a company.

“Ransomware and phishing attacks can have an overwhelming impact on businesses of all sizes, with personal and corporate data, financial and healthcare records, network share files, and all other valuable content being able to be taken hostage by ransomware,” said Yildirim. “The stories are proving that it can halt businesses, slow down productivity, and potentially set an entire organization up for failure.”

However, while attacks are on the rise, there are a variety of practices organizations should follow to bolster their defense against cyber attackers. Solutions such as Privileged Access Management (PAM) can help companies protect against the threats posed by credential theft and privilege misuse.

PAM refers to a comprehensive cybersecurity strategy comprising people, processes, and technology, to control, monitor, secure, and audit all human and non-human privileged identities and activities across an enterprise IT environment. PAM is grounded in the principle of least privilege, wherein users only receive the minimum levels of access required to perform their job functions.

“The principle of least privilege is widely considered to be a cybersecurity best practice and is a fundamental step in protecting privileged access to high-value data and assets,” said Yildirim. “By enforcing the principle of least privilege, organizations can reduce the attack surface and mitigate the risk from malicious insiders or external cyber attacks that can lead to costly data breaches.”

Challenges that organizations face, such as managing account credentials, tracking privileged activity, monitoring and analyzing threats, and controlling privileged user access, can all be handled efficiently by a PAM solution. By prioritizing PAM programs as part of their larger cybersecurity strategy, companies can experience many organizational benefits, including mitigating security risks and reducing the overall digital attack surface, enhancing visibility and situational awareness across the enterprise, and improving regulatory compliance, all of which Yildirim states are essential as we continue to move toward a more digital future.

“As reliance on digital technologies continues to increase, cyber attacks have become increasingly sophisticated,” Yildirim explained. “Organizations that rely on outmoded cybersecurity strategies leave themselves vulnerable to threats, as organized criminal hackers, whose disruptive ambitions are only growing, search out the easiest organizations to target.”

Edited by Luke Bellos
