Ransomware accounted for 61 percent of malware-based data breach incidents over most of 2019, according to the Verizon 2020 Data Breach Investigations Report, reflecting that financial gains are the top motivator for three-quarters of threat actors.
Ransomware, however, is not a typical culprit of confidentiality breaches. “Rather, it is an integrity breach due to installation of the software, and an availability breach once the victim’s system is encrypted,” the Verizon report clarifies.
With the bulk of public sector data coming from the U.S. Federal government, Verizon reported that there was a total of 6,843 cyber incidents with 346 cases of confirmed data disclosure between November 2018 and October 2019. On a more positive note, the Verizon analysis explains that the public sector has greatly improved its ability to identify breaches; only six percent of data breaches went undiscovered for a year, compared to 47 percent previously.
“As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount,” Verizon Business CEO Tami Erwin said of the new report. “In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious.”
The public sector also struggles with misdelivery – sending sensitive information to the wrong recipients – and misconfiguration, when someone puts data in the cloud without the proper security measures in place. Most data breaches (59 percent), however, are caused by external threat actors, Verizon states. Of the breaches that do occur, just over half (51 percent) of data compromised in public sector data breaches documented by Verizon involved personal information.