Global Enterprise Data Breaches 2021: a devastating reality
Given that the patterns have now largely lined up for Enterprise Data Breaches 2021 between the two organisational sizes (SMB and Enterprise), we can talk a little about what that suggests for both. Initially, both are being highly targeted because of financial motivation by organised crime actors. This isn’t a piece of news to anyone (or shouldn’t be) because expert hackers and professional criminals do tend to be motivated by money. For that matter, we’d wager most amateur felons are also (if we were the betting type, which, of course, we aren’t. As far as you know).
Concerning the most common patterns of System Intrusion and Basic Web Application Attacks, those run in the range of simple to complicated attacks, frequently focused on the web infrastructure. The Hacking activity of employing gathered credentials (username/password) followed by Malware installation is the playbook these actors prefer to follow. Progressively, we see ransomware deployed after gaining access; often after exfiltrating personal and/or sensitive data to motivate their victims to pay via Bitcoin payments.
When we examine timelines, we see a distinction between the organisational sizes. Last year we reported that smaller companies appeared to be doing better in terms of finding breaches quicker than their bigger equivalents. This year’s data shows that big organisations have made a shift to detecting breaches within ‘days or less’ in over half of the cases (55%), while small companies managed at 47%.
Global Enterprise breaches:
- 819 incidents
- 307 confirmed data disclosures
representing 74% of breaches
- System Intrusion
- Miscellaneous Errors
- Basic Web Application Attacks