Verizon's "2020 Data Breach Investigations Report"
Hacking, phishing and attacks on cloud-based data are important security issues in remote working.

● Cloud-based data under attack: web application attacks doubled to 43%
● Credential theft, human error and social attacks account for 67% of all data breaches
● Clarifying cyber breach pathways makes a "defensive advantage" possible
● Success of continuous patching: data breaches that exploit vulnerabilities are less than 1

Verizon (Chiyoda-ku, Tokyo) today announced the Japanese version of the 2020 Verizon Data Breach Investigations Report (FY2010; abbreviated: DBIR), which analyzes 32,002 security incidents, of which 3,950 were confirmed data leaks/breaches, provided through the cooperation of 81 companies in 81 countries around the world.

The report shows that financial gain is still the main driver of cybercrime, with about 9 out of 10 data breaches financially motivated. The majority of data breaches continue to be caused by external actors (70%), and organized crime accounts for 55%. Credential theft and social attacks such as phishing and business email compromise account for the majority (67% or more) of data breaches. Specifically:

● 37% of credential theft breaches involved stolen or weak credentials
● 25% involved phishing
● 22% involved human error

The complete version of the Verizon report is available from the dedicated DBIR page (https://enterprise.verizon.com/ja-jp/resources/reports/dbir/).

In the 2020 DBIR, web application breaches doubled compared to the previous year (to 43%), and stolen credentials were used in more than 80% of these cases. This is a worrying trend as the move of business-critical workflows to the cloud accelerates. Ransomware increased slightly, appearing in 27% of malware incidents (2019: 24%).
18% of companies and organizations reported blocking at least one piece of ransomware last year.

Tami Erwin, CEO of Verizon Business, says: "In the face of a global pandemic, end-to-end security from the cloud to employees' notebook PCs is of the utmost importance. In addition to protecting systems from attacks, as phishing schemes become more and more advanced and malicious, we urge all companies to continue educating employees."

Common attack patterns identified for the defensive side

The DBIR emphasizes the common attack patterns seen as attacks unfold, helping to identify the destination of an attacker whose actions are still in progress. These breach pathways, linked in the order of threat actions (error, malware, physical, hacking, etc.), help predict the eventual breach target so that the attack can be stopped along the way. Companies and organizations thereby gain a "defensive advantage" and better understand where they should focus their security defenses.

Small and medium-sized enterprises are not immune to cyber attacks

With their increasing use of cloud and web-based applications and tools, small and medium-sized enterprises have become main targets of cyber attackers. The DBIR survey results show the following:

● Phishing is the biggest threat to small and medium-sized enterprises and accounts for more than 30% of all data breaches. Stolen credentials (27%) and password dumpers (16%) follow.
● Attackers targeted credentials, personal data, and other internal business-related data such as medical records, internal secrets, and payment information.
● 20% or more of attacks are against web applications and involve the use of stolen credentials.
Industries exposed to cyber risk

The 2020 DBIR includes detailed analysis of the 16 industries surveyed, and shows that although security is an issue regardless of size or industry, the most probable attack types differ significantly by type of industry. For example, in the manufacturing industry, 23% of malware incidents were associated with ransomware, compared with 61% in the public sector and 80% in educational services. Human error accounted for 33% of public institution breaches, but only 12% in the manufacturing industry. Highlights by industry are as follows.

● Manufacturing: External attacks that use malware such as password dumpers, application data capture tools, and downloaders to steal proprietary data for financial gain account for 29% of data breaches in the manufacturing industry.
● Retail: 99% of incidents are financially motivated, and payment data and personal credentials continue to be valued. Instead of POS devices, web applications are now the main target of data breaches in the retail industry.
● Finance and insurance: 30% of data breaches in this industry are due to web application attacks, caused by external attackers who use stolen credentials to access confidential data stored in the cloud. The shift to online services in the core business is indicated as the main cause.
● Educational services: Ransomware doubled this year, accounting for about 80% of malware attacks (last year: 45%), and social engineering accounted for 27% of incidents.
● Medical: Basic human error accounted for 31% of data breaches in the medical industry. A 51% share of all data breaches (up from 42% in the 2019 DBIR) exceeded the 48% (59% last year) of breaches caused by internal stakeholders.
The medical industry is often breached by internal stakeholders who have been granted access to credentials.
● Public institutions: Ransomware accounts for 61% of malware-based incidents. 33% of data breaches are caused by insiders. However, companies and organizations have become much better than before at identifying breaches. Only 6% (47% the previous year) went undiscovered for a year, which is linked to legal reporting requirements.

Regional trends

The 81 contributing companies involved in the 2020 DBIR provide the report with specific insights into cyber trends in each region, highlighting the major similarities and differences between regions. For example, financially motivated breaches accounted for 91% in North America, compared with 70% in Europe, the Middle East and Africa, and 63% in Asia-Pacific. Other major findings are as follows.

● North America: The most commonly used technique was the use of stolen credentials, accounting for more than 79% of hacking breaches. 33% of data breaches are related to either phishing or pretexting.
● Europe, Middle East and Africa (EMEA): DoS attacks accounted for more than 80% of malware incidents. 40% of data breaches target web applications, using a combination of stolen credentials or hacking techniques that exploit known vulnerabilities. Finally, 14% of breaches are related to cyber espionage.
● Asia-Pacific (APAC): 63% of data breaches are financially motivated, and phishing attacks are also high, at over 28%.

Alex Pinto, lead author of the 2020 Verizon Data Breach Investigations Report, commented: "Headlines in security-related publications often talk about espionage and grudge attacks as the main drivers of cybercrime, but our data shows that is not the case. Financial gain continues to be the driver of organized crime that exploits system vulnerabilities and human error.
The good news is that there is much that organizations can do to protect themselves, including the ability to track common attack patterns in cyber attacks. This can be a security game changer that lets companies around the world regain control."

3,950 confirmed data leaks/breaches were analyzed. This is almost twice the number of data breaches analyzed last year (2,013). The incident data was provided by 81 cooperating organizations and companies in 81 countries, and is analyzed across 16 industries.

The DBIR team welcomes feedback from readers on the survey results and analysis in this report. Companies and organizations that wish to give feedback on the report or to become a DBIR contributing company should contact dbir@Verizon.com.