Verizon's 2021 Data Leakage / Data Fraud Investigation Report

Verizon Japan LLC A year of unprecedented security challenges, with an increase in phishing and ransomware attacks, a high level of web application attacks, and the spread of cybercrime in the pandemic epidemic. 29,207 security incidents, of which 5,258 confirmed data breaches / breaches • Fishing attacks increased 11%, ransomware attacks increased 6% • 85% of data breaches involved people More than 80% are detected by outside parties ・ According to breach simulation, the median economic impact of data breach is US $ 21,659, and 95% of incidents are lost from US $ 826 to US $ 653,587. Verizon Japan Joint The company (Chiyoda-ku, Tokyo, hereinafter "Verizon") announced today the Japanese version of the 2021 Verizon Data Leakage / Data Infringement Investigation Report (abbreviation: DBIR). This report investigates and analyzes more breaches than ever before, and focuses on how the most common cyberattack methods have affected the global pandemic and international security environment. I'm guessing. This year's report analyzed 5,258 data breaches / breaches collected from 83 cooperating organizations and companies around the world (2020 results: 3,950). With an unprecedented number of people engaged in remote work, phishing and ransomware attacks increased by 11% and 6%, respectively, and false statements increased 15-fold compared to last year. In addition, 61% of data breaches are related to access to credentials data (95% of businesses / organizations under credential stuffing attacks detect 637-3.3 billion malicious login attempts annually. ). The report also points to the challenges companies face when migrating many of their business functions to the cloud (attacks on web applications, which account for 39% of breaches). Tami Erwin, CEO of Verizon Business, said: “The COVID-19 pandemic has had a significant impact on many of the security challenges companies and organizations are currently facing. Malicious attacks as more companies and organizations move their business-critical features to the cloud. People exploit human vulnerabilities and increased reliance on digital infrastructure, suggesting that potential threats to operations could be more pronounced. ”This year, DBIR Improvements and updates have been made to the Incident Classification Patterns that the reporting team uses to classify security threats. The updated reporting pattern constantly describes 95.8% of analyzed breaches and 99.7% of analyzed incidents, detailing known threats and the best ways companies and organizations can avoid them. Commentary is provided. Notable Industrial Sectors The 2021 DBIR contains a detailed analysis of the 12 industry categories surveyed, showing that while security is an overall challenge, there are significant differences between industries. I am. For example, in the financial and insurance industry, 83% of compromised data was personal data, while in the professional, scientific and technical services industries, it was only 49%. The highlights by industry are: Finance and Insurance: Misdelivery accounts for 55% of errors in the financial industry. The financial industry is frequently faced with authentication fraud and ransomware attacks by external attackers. Medical industry: Basic human error has plagued the industry for the past few years. The most common error is misdelivery of electronic and paper documents (36%). Public Institutions: The biggest threat in the industry is social engineers. Attackers who can compose trusted phishing emails take away their credentials data at an alarming rate. Retail: The retail industry continues to be the target of financially motivated criminals trying to monetize with a combination of payment cards and personal credentials. Social tactics include pre-texting and phishing, the former generally encouraging fraudulent remittances. Regional Trends Eighty-three partners involved in the 2021 DBIR have provided specific insights into their region's cybertrends in this report, highlighting key similarities and differences in the region. increase. Asia Pacific (APAC): Many of the data breaches that occur in APAC are said to have been financially motivated attackers phishing employee credentials and using this information to gain unauthorized access to email accounts and web application servers. Europe, Middle East, Africa (EMEA): EMEA continues to suffer from basic web application attacks, system intrusions and social engineering. North America (NA): NA is often the target of monetarily motivated attackers aimed at exploring cash and easily monetizable data. Social engineering, hacking, and malware continue to be excellent techniques used by attackers in the region. Alex Pinto, lead author of the 2021 Verizon Data Leakage / Data Fraud Investigation Report, commented: “From the content of this report, it's not surprising that we need overwhelming and revolutionary solutions to respond to a wide variety of threats, but the reality is much easier. Companies and organizations. Needs to be prepared to deal with exceptional situations, while building a cybersecurity defense foundation on a strong foundation that can address and mitigate the threats most relevant to each company / organization. About DBIR The 14th issue of 2021DBIR analyzed 29,207 security incidents and 5,258 confirmed data breaches / breaches. This is well above the number of data breaches analyzed last year (3,950). Data on these incidents are provided by 83 cooperating organizations and companies in 88 countries around the world and are analyzed in 3 regions and 12 industry categories surveyed. The full version and executive summary of Verizon's 2021 Data Leakage / Data Fraud Investigation Report is available on the DBIR dedicated page https://www.verizon.com/business/ja-jp/resources/reports/dbir/. is.

This press release contains information for the media community.

If you register as a media user, you can view various special information such as contact information of the person in charge of the company and information on events and press conferences. * Contents vary depending on the press release.