What COVID-19 means for the data breach landscape: Learnings from confirmed data breaches
A three-month analysis on the possible impact of COVID-19 on the data breach landscape has shed light on an increasing number of threat actors worrying cyber-security specialists. The Verizon Business study reviewed 474 data breach incidents from March – June 2020 based on contributor data, publicly disclosed incidents and Verizon’s own observations drawn from its collective years of experience. It focuses on 36 confirmed data breaches which were identified as being related directly to the COVID-19 pandemic.
“ In view of the COVID19 pandemic, many large and small organisations have adopted new technologies such as software- as-a-service (SaaS) solutions, increased cloud-based storage and the use of third-party vendors in record time to continue to support their customers. While the SaaS solutions mentioned above, or the cloud itself, are not inherently less secure, however the concern arises from the fact that due to the conditions the pandemic has created, most organizations are adopting them in a hurried fashion, and they are often forced to do so while relying on fewer resources in terms of both personnel and revenue thereby multiplying the risk ” said Prashant Gupta, Head of Solutions, Verizon Business.
The analysis has thrown up an increasing number of commonly seen threat actors, which include:
Increase in Error — The Verizon Business 2020 Data Breach Investigations Report (DBIR) outlined that almost a quarter of all breaches were due to human error and this trend continues during the pandemic. This is due in part to organizations operating with a reduced number of staff due to illness, redundancies and/or with staff who have limitations due to their remote status. At the same time, these organizations are often experiencing unusually heavy workloads with a much higher reliance on new and unfamiliar solutions that need to be deployed quickly.
Stolen credential-related hacking — The DBIR shows that over 80 percent of breaches within the hacking category are caused by stolen or brute forced credentials. During the pandemic, this is now being exacerbated by the large number of employees working from home and the maintaining external workstations for remote access, leaning on SaaS platforms. Business IT departments are being challenged to secure company assets on the corporate network while the majority of the workforce is out of the office.
Phishing — In order to utilize stolen credentials, an attacker must first be able to obtain them and phishing remains one of the most commonly used methods. Prior to COVID-19 the 2020 DBIR flagged that credential theft and social attacks such as phishing and business email compromises were at the root of the majority of breaches (over 67 percent) and this trend has continued. Specific terms in combination with “COVID” or “CORONAVIRUS,” such as “masks,” “test,” “quarantine” and “vaccine” were found to be widely used within the time period. In March, a phishing simulation, conducted by a DBIR contributor, performed on approximately 16,000 people found that almost three times as many people not only clicked through a phishing link, but also provided their credentials to the simulated login page.
“Businesses need to start taking far greater responsibility in protecting their technology infrastructure. From deploying more robust security protocols to ensuring timely data breach disclosure policies. Once you lose public confidence, gaining that credibility back can often be an uphill task”, said Dr Zaki Qureshy, Founding Father, Hyderabad Security Cluster.
