According to the 2022 Cost of a Data Breach Study:
- 83% of organizations have experienced more than one data breach.
- 60% of organizations have been forced to raise product and service prices due to a breach.
- The average cost of a breach is now $4.35 million, having risen by 12.7% in the last two years.
Despite global security spending increasing by 100X since 2004, security incidents and data breaches are becoming more common, and their impact is greater than ever.
This article is the first in a series summarizing the findings of our new report.
Today, we’ll examine the fundamentals of cybercrime: the sources and targets of cyber threats and how they have changed over time. We’ll be leaning heavily on data from Verizon’s Data Breach Investigations Reports (DBIR) from 2008 to 2022.
Incidents vs. Breaches
Most industry research focuses on attacks that lead to a breach of data privacy. It’s easy to see why. A serious data breach is usually the worst possible outcome of a cyberattack. However, when examining the cybercrime landscape, it’s worth considering the impact of other security incidents.
Regardless of the outcome, incidents soak up a lot of time for security teams. Most organizations suffer a small (often zero) number of breaches per year, yet security teams work flat out at all times. Considering that 62% of security teams are insufficiently staffed, we’d argue any attack trend that requires human resources to prevent or remediate is worth paying attention to.
An over-focus on breaches also downplays the importance of certain attack vectors, most notably DDoS. While DDoS attacks rarely lead to a breach (though it is not unheard of), they are a constant, disruptive, and expensive fact of life for many organizations.
Where Threats Come From
Cybercrime has come a long way. In the first edition of Verizon’s DBIR in 2008, they claimed (emphasis ours): “It is widely believed and commonly reported that insider incidents outnumber those caused by other sources. While certainly true for the broad range of security incidents, our caseload showed otherwise for incidents resulting in data compromise.”
Analysis of figures from the 2022 DBIR finds that today, insider incidents don’t come close to outnumbering those from external sources. Insiders cause less than 10% of security incidents—and if we consider only incidents due to malicious intent, the figure is below 2%.
One thing that remains consistent is the outsized impact of insider incidents. In 2008, breaches caused by insiders made up 18% of the dataset. That figure has dropped as low as 14% in the intervening years, but, despite low incident numbers, it increased to 20% in 2022. However, since this is a report about cybercrime, not cyber error, it’s important to note that around three-quarters of insider breaches are due to errors (often misconfigured cloud storage) and lost or stolen assets.
Which raises the question: where’s the crime? For insiders, the tactic of choice is privilege misuse, which today is involved in just 1% of incidents, but 4% of breaches. More than three-quarters of privilege misuse incidents result in a breach, highlighting the outsized impact of insider threats.
Popular Targets for Cyberattacks
Today, the top three assets affected by breaches (apart from humans) are easy to guess:
- Web applications (56%)
- Mail servers (28%)
- Desktops and laptops (18%)
Note: multiple assets are frequently affected in the same breach, so these numbers don’t add up to 100%.
These assets are all accessible via the Internet and can often be compromised directly using stolen credentials. This makes them an ideal target for cyberattacks—particularly when access credentials are readily available for purchase in cybercriminal circles.
However, it wasn’t always this cut and dried. In 2012, the prevalence of attacks against POS systems meant the top four targeted assets were POS servers, POS devices, desktops/workstations, and ATMs. In that year’s dataset, POS intrusions were involved in an incredible 45% of data breaches. By 2017, this figure had dropped to 6.7%, and by 2020 it was just 0.8%.
What happened? We’d argue two factors are at play:
- The general standard of cybersecurity across all industries (particularly retail and hospitality) has improved immeasurably over the last decade.
- Regulations designed to protect payment card data (PCI-DSS) have been strengthened over time and enforced consistently, prompting organizations to improve cybersecurity for POS devices.
By necessity, cybercriminals have moved away from what has become a challenging pursuit (POS compromise) and towards other, lower-hanging fruit.
Get the Full Cybercrime Story
A cybercrime report could be anything from one page to a hundred pages long. It could be as simple as saying, “Cybercriminals go where the money is,” or as complicated as digital forensics and malware analysis.
In our new report, we’ve striven for a happy medium that gives insight into current, past, and possible future cybercrime trends without getting bogged down in unnecessary details. We’ve also included the most important steps to protect against cybercrime over the next decade.
Download the report to learn:
- The four most common attack vectors and what they reveal about threat actors’ motivations.
- Why hacktivism and grudge attacks have dropped significantly, and what’s replaced them.
- The two BIG exceptions to financially motivated cybercrime and why they’re so common.
- Why statistics don’t tell the whole story regarding internal vs. external attacks—and why that matters when designing a risk-based cybersecurity program.
- Where cybercrime will definitely go over the next few years—plus longer-term predictions from industry veterans Dr. Zero Trust (Chase Cunningham) and Dan Schaupner.
May 4, 2023