Verizon has recently released its 2020 Data Breach Investigations Report, an analysis of over 150,000 security incidents to assess how the overall threat landscape is shifting and where and how bad actors — the bad guys behind any security incident — are carrying out their attacks. Particularly in the COVID era when new threats are emerging as a result of remote work, and bad actors are working tirelessly to take advantage of the situation, it is important for organizations to understand the new threats facing their industry so that they can take appropriate actions to guard against them. Having reviewed the report, we have pulled out some of the top trends and most surprising developments for businesses to keep in mind as they work to ensure the security of their customers.
It probably won’t come as a surprise, but fraudsters, hackers and other bad actors are typically after one thing — your money by way of data. This was no different in 2019, with Verizon finding that 86% of attacks were financially motivated. However, the methods used by threat actors to carry out their attacks is shifting. Verizon found that payment card skimming and Point Of Sale (POS) terminal attacks are declining, with card skimming down to just 0.7% of all data breaches and POS down to 0.8%. While these may be continuing to decrease, there is one type of attack that just won’t quit — web application attacks. These account for the most hacking incidents in 2019 and impacted every single industry assessed in Verizon’s report.
Where bad actors are carrying out their attacks is also changing. Payment and bank data breaches were about equal in 2019, however, while bank compromises have remained steady, payment breaches continued to decline. And despite concerns around how retailers use and store consumers’ data, the retail industry saw only 287 security incidents. What is alarming is that payment data made up 47% of the compromised data in the retail industry, suggesting retailers may need to take further steps to guard consumers’ sensitive payment details.
So where are these bad actors hitting the hardest? Professional services. This sector, which includes everything from legal and accounting services to large consulting firms, experienced the most security incidents, with 7,463 reported incidents. It is worth noting, however, that only 326 of these were confirmed data breaches where data was disclosed, and that the majority of breaches involved personal details rather than payment information. The healthcare industry also saw a large increase in security incidents this year, with 521 confirmed data breaches, up from just 304 last year.
What may come as a big surprise to many is that despite continued concerns around the security of the cloud, cloud assets were involved in only 24% of breaches, while on-premises assets were involved in 70%. Therefore, overall the cloud is more secure than keeping assets on-prem but by no means immune to the ever evolving threat of hackers.
Keeping these evolving threats in mind, there are a number of steps businesses can take to better protect themselves and their customers from bad actors:
- While employees continue to work from home, ensure they are engaging in safe cybersecurity practices that won’t leave themselves and your company vulnerable to increasing threats. Steps like using unique passwords and changing passwords regularly will improve account security so that bad actors can’t easily access your company’s sensitive information.
- For companies that take any sensitive information over the phone such as customer payment details, utilizing DTMF masking technology ensures this data is handled securely and can’t be accessed by customer service agents or bad actors.
- Better yet, complying with the Payment Card Industry Data Security Standard (PCI DSS) across any customer service lines taking payments so that sensitive cardholder information is never stored in your environment and isn’t accessible to any bad actors in the event of a breach.
If you’re concerned about how any of these threats might affect your company, contact PCI Pal today to learn how our secure payment solutions can guard your company against evolving attacks and ensure compliance with data privacy regulations.