According to the Verizon Data Breach Research Record for 2020, several enterprises are leaving cloud storage unprotected hence the private data stored in the cloud storage are exposed to cyber-attacks. Thereby increasing the number of such attacks.
Gabe Bassett, senior information security data scientist at Verizon Enterprise stated that actual reality is both good and bad. The good news is such that organizations are proclaiming these violations further and quantifying the issue. The bad news is such that misconfiguration glitches yet exist. Bassett added that he does not assume it is a matter of enterprises creating more mistakes as significant as them being reported. Verizon’s DBIR report shows how misconfiguration errors are trending.
Verizon’s DBIR record is completely originated on 81 participating companies in 81 countries. Verizon investigated 157,525 events. Out of those, 32,002 fitted quality measures and 3,950 were approved data violations.
On a huge level:
- 22% of violations current year included cloud assets and additionally on-premises assets were in 71% of recorded events.
- 45% of violations highlighted hacking and 22% included social attacks. 22% too compromised malware.
- Outside actors were responsible for 70% of the violations and planned crime by 55%. 30% associated with inside actors.
- 81% of violations were found in days or less.
- 72% required large business victims.
- 58% of victims had private data endangered.
- 86% of the violations were financially motivated.
- 43% of the violations included in web applications.
Additional key takeaways from the Verizon DBIR comprise:
- Password dumper is the most popular form of malware accompanied by capture app data and ransomware.
- Office documents and Windows apps yet serve to be the malware filetype of opportunity. Other filetypes seen as malware deliver mechanisms comprise shell scripts, browsers app, FlashJava, PDF, Linux app, OSX app, and Android app.
- 80% of violations that involve hacking are brute force or management of lost or hijacked credentials.
- Phishing is the top form of social-driven violations. These social attacks reported through email 96% of the time. Click rates on phishing prevail at 3.4%.
Looking for more cloud news? Signup our newsletter for the latest update