BR +55 11 3069 3925 | USA +1 469 620 7643

  • BLOG
  • Português
  • BR +55 11 3069 3925 | USA +1 469 620 7643
  • Português
logo senhasegura
  • SOLUTIONS
  • PRODUCTS
  • SERVICES AND SUPPORT
  • PARTNERS
  • COMPANY
  • CONTACT
  • DEMO

Compliance

and Audit

Audit

PCI DSS

SOX

ISO 27001

HIPAA

NIST

GDPR

ISA 62443 |

Industry 4.0

Security and

Risk Management

Privilege Abuse

Third Party Access

Privileged Access Recording

Insider Threat

Data Theft Prevention

Hardcoded Passwords

Password Reset

Solutions

By Industry

Energy and Utilities

Financial

Government

Health Care

Legal

Telecoms

Retail

senhasegura

Testimonials

See Testimonials

360º Privilege Platform

Account and

Session

PAM Core

Domum

Remote Access

PAM SaaS

MySafe

GO Endpoint

Manager

GO Endpoint

Manager Windows

GO Endpoint

Manager Linux

DevOps Secret

Manager

DevOps Secret

Manager

Multi

Cloud

Cloud IAM

CIEM

Certificate

Manager

Certificate

Manager

Privileged

Infrastructure

PAM Crypto Appliance

PAM Virtual Crypto Appliance

PAM Load Balancer

Delivery : On Cloud (SaaS) | On-premises | Hybrid

Services

and Support

Documentation

Solution Center

Suggestions

Training and Certification

Deployment and Consulting

PAMaturity

PAM 360º

Support Policy

senhasegura

Resources

Rich Materials

Customer Cases

Webinars Calendar

senhasegura Stickers

BLOG

CONTENT

Is your company really prepared for a cyber attack?

The Pillars of Information Security

7 signs that your company needs to improve the security of sensitive data

See more articles about cybersecurity

Technical

Information

How it works

Product Archicture

Integration

Security

High availability and contingency

Privileged Auditing (Configuration)

Privileged Change Audit

Features and

Functionalities

ITSM Integration

Behavior Analysis

Threat Analysis

Privileged Information Protection

Scan Discovery

Task Management

Session Management (PSM)

Application Identity (AAPM)

SSH Key Management

Affinity Partner

Program

About the Program

Become a Partner

MSSP Affinity Partner Program

Security Alliance Program

Academy | E-learning for Certification

Affinity

Portal

Portal dedicated only for Partners to find commercial, marketing supporting materials and certification program of senhasegura.

Access Partner Portal

Opportunity

Booking

For our Commercial Team to support your sale more effectively, request your opportunity booking here.

Opportunity Booking Request

Find a

Partner

We work together to offer a better solution for your company.

Check all senhasegura partners

About

Company

About us

Achievements

Why senhasegura

Press Release

Press Room

Events

Career

Presence in the World

Terms of Use

End User License Agreement (EULA)

Privacy and Cookie Policy

Information Security Policy

Certification at senhasegura

senhasegura

Testimonials

See Testimonials

Latest Reports

and Awards

Frost & Sullivan Customer Value Leadership Award 2022

Gartner PAM Magic Quadrant 2021 Report

KuppingerCole Leadership Compass: PAM 2021

GigaOm Radar Report 2021

Gartner PAM Magic Quadrant 2020

Gartner Critical Capabilities for PAM 2020

Information Services Group, Inc. (ISG)

KuppingerCole Leadership Compass: PAM 2020

Contact our team

Request a Demonstration

Verizon Data Breach Investigation Report 2021: What You Need to Know About This Report

by senhasegura Blog Team | Jun 25, 2022 | BLOG

Human interaction with IT structures represents one of the main cyber threats faced by organizations of the most diverse sizes and industries. 

This is just one of the important pieces of information extracted from the Verizon Data Breach Investigation Report 2021, issued by telecommunications service provider Verizon.

The document reveals aspects of extreme relevance for organizations that wish to anticipate problems such as cyberattacks and data leaks, avoiding a series of inconveniences and losses.

In this article, we explain what exactly this report is and how you can use this data in your company’s favor. Check out our list of topics below:

  • Verizon Data Breach Investigation Report 2021: What Is This Report?
  • Data Extracted from the Verizon Data Breach Investigation Report 2021
  • Is Verizon Data Breach Investigation Report Reliable?
  • What Should Be Done in Practical Terms with the Information in the Report?
  1. About senhasegura
  2. Conclusion

Follow our text to the end!

Verizon Data Breach Investigation Report 2021

Are you enjoying this post? Join our Newsletter!

Newsletter Blog EN

12 + 1 =

We will send newsletters and promotional emails. By entering my data, I agree to the Privacy Policy and the Terms of Use.

Verizon Data Breach Investigation Report 2021: What Is This Report?

The Verizon Data Breach Report consists of an annual report, published by telecommunications service provider Verizon, on security incidents and data breaches that occurred in the previous year.

In this report, information is shared about the different types of attacks and vulnerabilities, also indicating the main changes that have occurred in the world when it comes to cybersecurity. 

For the 2021 edition, prepared with the collaboration of 83 companies, 29,207 real security incidents were analyzed, which – according to Verizon – would have compromised the integrity, confidentiality, or availability of information assets. 

Of this total, 5,258 violations were confirmed, which resulted in the unauthorized propagation of data. 

In the next topic, we cover some important information extracted from the Verizon Data Breach Investigation Report 2021. Continue reading and check it out. 

Data Extracted from the Verizon Data Breach Investigation Report 2021

The following are the main data collected by the Verizon Data Breach Report for its 2021 edition:

  • 61% of Cyberattacks Surveyed Involved Privileged Credentials

Privileged credentials are among the main vectors of attacks by malicious agents and, according to the Verizon Data Breach Report, they motivated 61% of cyberattacks performed in 2021.

Therefore, organizations must adopt protective measures, raising awareness and training their employees so they can avoid risks, and adopting solutions such as PAM, which makes it possible to reduce insider and external threats.

  • Privilege Abuse Was the Cause of 70% of Attacks Involving Misuse of Credentials

Many organizations fail to apply the principle of least privilege, which grants each human user or machine only the required access to perform their activities. 

As a result, they face internal risks, such as the privileges granted to active or dismissed employees.

The abuse of these privileges, granted in excess or not revoked, has caused 70% of attacks related to the misuse of credentials, according to the Verizon Data Breach Report.

  • Phishing Is the Main Tactic Used by Malicious Attackers

Phishing is a cyberattack in which the hacker uses the identity of a legitimate institution, gaining the trust of its victims to steal sensitive data, such as banking information.

Very common, this type of crime is the main approach applied by malicious attackers, according to Verizon Data Breach Report. For this reason, organizations must train their employees to avoid this threat.

For that, it is possible to perform exercises that simulate phishing campaigns, preparing users to detect it. 

 

  • 30% of Attacks Involved Social Engineering

The Verizon Data Breach Report reveals another factor that poses a major risk to the cybersecurity of organizations is related to the behavior of unsuspecting or poorly trained users, who may become victims of social engineering attacks.

This technique is widely used by malicious attackers to persuade their victims to send sensitive data or perform actions that facilitate their actions.

Information collected by the Verizon Data Breach Report points out that 1,761 social engineering attacks carried out in 2021 resulted in the disclosure of data, which often generated the loss of credentials, usually used in hacker and malware attacks.

Another relevant information is that most of these attacks were detected externally, showing that IT and security teams, system administrators, and employees of organizations would not be aware of these crimes. 

 

  • Attacks Involving Cloud Are Increasing

The use of cloud-based solutions grew exponentially with the Covid-19 pandemic, which imposed social distancing, making room for remote work.

In addition, companies were able to know all the advantages related to these services, which include more speed and scalability.

However, despite its numerous benefits, the adoption of cloud computing challenges those who are concerned with ensuring digital security.

This is because many human users and machines use privileged credentials to access cloud resources, increasing the attack surface and risks.

In the Verizon Data Breach Report, it is possible to verify that, among the attacked assets, those from the external cloud were more common than the local ones. This information reinforces that hackers can take advantage of the lack of visibility inherent in cloud environments.

  • The Human Aspect Was Involved in 85% of the Attacks

Often, unintended incidents, such as the incorrect configuration of database assets, directly compromise an organization’s cybersecurity, as evidenced by the Verizon Data Breach Report.

In this latest version of the report, Verizon has detected and assessed 919 incidents, 896 with confirmed data propagation. Among the compromised information, 79% were personal data, 17% were from physicians, 13% related to banks, and 13% to credentials.

Moreover, it was noticed that 50% of violations generated by human errors are caused by administrators and 30% by developers, with incorrect configurations representing 50% of these errors and incorrect deliveries representing 30%. 

Also, according to Verizon, data storage was observed being placed on the internet without controls and searched by security researchers.

Is Verizon Data Breach Investigation Report Reliable?

The Verizon Data Breach Report is a widely known and respected annual report, being one of the best in the world when it comes to violations and incidents globally. 

It consists of a totally impartial initiative, since it does not promote any product or service. In addition, data are collected from institutions around the world, which makes it truly global. 

This data is used to understand and share what are the vulnerabilities that generate violations and incidents, considering the technical and human risks. 

Verizon works with transparency both with regard to its sources and the data analysis process. 

What Should Be Done in Practical Terms with the Information in the Report?

Now that you have checked the key information raised by the Verizon Data Breach Report, you may be wondering what to do with this data in practice. 

First, it is essential to analyze human risk factors and prioritize the key threats faced in this regard by your company, managing these risks more effectively. 

It is also extremely important to use the Verizon Data Breach Report as a support instrument, showing the organization’s leaders the relevance of human risk and why it is recommended to invest in awareness and training of employees who interact with the IT environment.

Check out the main points to be considered below:

  • Awareness first: In this latest report, Verizon ranked the top risk factors for eleven different industries, recommending the Center for Internet Security’s top three controls to manage the risks of each of them. The only common control for all areas was Security Awareness and Training.
  • People are a major risk factor: 85% of the violations raised by the report are related to human interaction. Therefore, it is not enough for companies to adopt a technology-only strategy to eliminate risks and ensure cybersecurity. After all, the intention is not to protect the assets themselves, but the organization as a whole, which includes its employees. 
  • Human errors generate many disruptions: many companies focus their security strategies on explicit threats such as the actions of malicious attackers. However, 20% of violations are caused by a human error committed by people trying to work the right way. 

Among these errors, the incorrect configuration of cloud accounts stands out, which results in the sharing of the organization’s data with the wrong people. Therefore, it is highly recommended to have a solution that solves this type of failure and a professional responsible for it. 

  • The two main types of attacks are associated with phishing and passwords: so, if you do not know where to start training your employees to get better human risk management, start with these elements, which should be an essential part of an awareness plan.

About senhasegura

We, from senhasegura, are part of the group of information security companies MT4 Tecnologia, founded in 2001, and we aim to provide digital sovereignty to our customers through the control of privileged actions and data.

With this, we prevent data leaks and theft, as we manage privileged permissions before, during, and after access through machine automation. We work to:

  • Optimize the performance of companies, avoiding interruption of operations; 
  • Perform automatic audits on the use of permissions;
  • Audit privileged changes to detect abuse of privilege automatically;
  • Provide advanced solutions with the PAM Security Platform;
  • Reduce cyber threats; and
  • Bring the organizations that hire us into compliance with audit requirements and standards such as PCI DSS, Sarbanes-Oxley, ISO 27001, and HIPAA.

Conclusion

In this article, you saw that:

  • The Verizon Data Breach Report is an annual report on security incidents and data breaches that occurred in the previous year;
  • According to this report, the threats generated by human actions and errors stand out among the main risks faced by companies, in addition to the increase in attacks involving cloud solutions and attacks associated with privileged credentials;
  • The Verizon Data Breach Report is extremely reliable and recognized, also characterized by its transparency and impartiality;
  • It points out the need to invest in awareness and training of all professionals in a company and can be shared with leaders to seek support in this regard.

We hope this article has clarified your key questions about Verizon Data Breach Report and can be shared with more people.

 

ALSO READ IN SENHASEGURA’S BLOG

Configuration Management Database (CMDB): Learn More About It

Cybersecurity Risk Assessment According to ISA/IEC 62443-3-2

What is NIST and Why Is It Critical to Cybersecurity?

← Building Digital Manufacturing Through PAM How Does PAM Assist in Hiring Cyber Insurance? →

SaaS, PaaS and IaaS: Learn about theCloud Computing Options

Understand these solutions to choose the best alternative for your business. For many years, we have been using cloud computing to access files that are not stored on a computer, but on email servers, social network websites, or internet pages, without the need of...
Read More

What does a Chief Information Security Officer (CISO) do?

A Chief Information Security Officer (CISO) is a high-level professional responsible for the digital security of a company. If you aspire to obtain this position, read our text until the end. In it, we explain more about the profession. With the advancement of...
Read More

An overview of essential certifications for CISOs

In the world of cybersecurity, the role of a CISO is crucial in protecting data and sensitive information. To excel in this career, it is necessary to have certain certifications, including Certified Information Systems Security Professional (CISSP), Certified Ethical...
Read More

What is the role of a CISO during a cyber attack?

The CISO plays a crucial role in incident management during cyber attacks as they are responsible for implementing containment and eradication measures. However, it is also their role to detect and prevent threats. Learn more in this article about the responsibilities...
Read More

Security Training Best Practices for Privileged Users

It is essential to train privileged users to avoid cyber threats, as they are the primary victims of hackers. Read our article and learn how to do it. Privileged user credentials are among the main targets of cybercriminals since they allow them to access data and...
Read More

Share This!

Copyright 2022 senhasegura | All Rights Reserved | Powered by MT4 Group
By continuing to use this website, you consent to our use of cookies. For more information, please read our cookie policy.AcceptRead Our Privacy and Cookie Statement
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT