For the third year running, Edgescan is proud to announce that it has contributed data to the Verizon Business 2021 Data Breach Investigations Report (2021 DBIR).
Working in partnership with the DBIR team, Edgescan provided data on thousands of validated vulnerabilities across the full stack based on delivering tens-of-thousands of cyber security assessments globally in 2020. The data Edgescan provided reflected web, network, cloud and API vulnerability data across many verticals and many regions of the world, which we believe to be a true reflection on the state of cyber security and vulnerability management.
“Edgescan’s vulnerability data continues to help us build a robust corpus of patching data that we used while writing the Asset section of the DBIR. We are pleased to work with Edgescan again this year and the company continues to be an excellent contributor to work with,” said Gabriel Bassett, Lead Data Scientist of the Verizon Business DBIR.
With 29,207 quality incidents analysed, of which 5,258 were confirmed breaches, the 2021 DBIR provides a comprehensive snapshot of the state of cybersecurity globally and we are, of course, delighted to have taken part to this industry-wide effort to capture the challenges facing organisations.
The Findings
Perhaps unsurprisingly, the report found that the pandemic offered cybercriminals an opportunity to increase their efforts to monetise on the world’s state of crisis. Phishing and ransomware both thrived during the pandemic, with phishing increasing by 11 percent and ransomware by 6 percent. BEC scams, in particular, have shown to be on a steep increase, with attempts doubling compared to the previous year.
In line with Edgescan’s own Vulnerability Stats Report, the 2021 DBIR found that web applications continue to make an appealing target for cybercriminals as organisations move their operations to the cloud. In fact, web application breaches represented 39 percent of all the breaches analysed.
While Verizon Business found that security continues to be a challenge for organisations across all industries, each vertical had its own set of risks to face. According to the report, Financial and Healthcare sectors were riddled with Misdelivery breaches (55 and 36 percent, respectively). Public administration, on the other hand, seems to be the prime target for social engineering attacks aimed at stealing sensitive credentials.
Interestingly, the human factor continues to be a necessary component of a successful breach, with 85% of security incidents analysed indicating the involvement of a human element.
The Verizon Business DBIR is a chance for the cybersecurity industry to reflect on what they are doing right and where there is room for improvement. And the message is clear: attackers are more than ready to jump on any opportunity to make a quick profit, whether that means exploiting a global crisis or to attack critical infrastructure, as recent events have demonstrated.
In light of this, it is ever more important for the cybersecurity industry as a whole to come together and join forces. We are delighted to have been able to provide our accurate, validated data to the folks at Verizon Business, whose hard work is incredibly important for defenders across the globe.
Eoin Keary
CEO/Founder Edgescan