In a new report of nearly 30,000 cyber incidents, roughly 70 percent of public sector breaches were found to be the product of social engineering campaigns—relying mostly on phishing attacks.
The 2021 Verizon Data Breach Investigations Report (DBIR) looked at 5,258 data breaches from 83 contributors. The report analyzes 79,635 total incidents, with 29,297 meeting quality standards.
“Over the past decade, the cyber threat has grown exponentially with nation state and cyber criminals increasing the scale, scope and level of sophistication of their cyberattacks,” the report says. “Addressing this kind of complex and agile environment requires a more comprehensive response than any one single government agency, business, technology, or data source can provide.”
Compared to 2020, and with an increase in remote workers, phishing and ransomware attacks jumped up 11 percent and six percent, respectively. Additionally, 83 percent of these threats to public-sector systems were external and 93 percent were motivated by financial gain.
“Phishing remains one of the top action varieties in breaches and has done so for the past two years. Not content to rest on its scaly laurels, however, it has utilized quarantine to pump up its frequency to being present in 36 percent of breaches (up from 25 percent last year),” the report says. “This increase correlates with our expectations given the initial rush in phishing and COVID-19-related phishing lures as the worldwide stay-at-home orders went into effect.”
The report also found that 80 percent of incidents included attempts to steal logins and passwords to increase an attacker’s presence in victim networks and systems.