How Technology Organizations Can Prevent Breaches: Verizon’s 2020 DBIR

By Srikanth Raju

June 3, 2020

Technology organizations are among the most attacked in the world. And while they appear to be successful at defending against a certain class of known threats, they remain vulnerable to more sophisticated modern attacks.

This is just one of the insights provided by Verizon’s just-released 2020 Data Breach Investigation Report.

In their report, Verizon compiles recent breach data from over 80 different contributing organizations. At Paladion, we are proud to be one of those contributing organizations yet again. Further, we have found that Verizon’s analysis of the current breach landscape aligns with our own experiences monitoring and defending organizations in the Technology space.  

Read on, and learn about what has changed in the Technology breach landscape over the last year, what specific threats are currently targeting organizations in this sector, and what you can do to defend yourself over the coming year - to prevent your organization from becoming another data point in Verizon’s survey. 


Technology: The Third-Most Attacked Industry in 2020

In the past year, the Finance industry saw 5,471 security incidents, with 360 of those incidents resulting in confirmed data breaches. Among all industries, Technology organizations suffered the third-highest volume of incidents and the fourth-highest volume of confirmed data breaches.

These organizations were unable to determine the size of most of these confirmed data breaches. They were able to determine that 32 of their breaches were small and 32 were large, but were unable to determine the size of the remaining 296 breaches that they suffered.

Compared to most other industries, technology companies were relatively successful at defending against attacks and preventing security incidents from becoming confirmed data breaches. Only approximately 6.5% of the incidents that Technology organizations suffered resulted in successful breaches.

While this is an encouraging figure and speaks well of the current defensive capabilities of Technology companies, it is still not good enough to prevent potentially damaging breaches. Given the high volume of attacks that Technology organizations suffer - and the wide variety of attacks leveraged against them - they must continue to extend their security capabilities.

The Threat Landscape for Technology Organizations

Technology organizations suffer from a wide range of different attacks that the report bundles into three different categories - Web Application attacks, Miscellaneous Errors, and a category they refer to as “Everything Else.” These three categories of attack account for 88% of all data breaches suffered by Technology organizations over the prior year.

The report bundled the following individual attacks into these three categories:

  • Web Application Attacks: Accounted for over 40% of breaches, and have increased substantially year-over-year (in both volume and percentage of breach-causing attacks). Malicious actors are taking advantage of both web exploits and stolen credentials to launch these attacks.

  • Miscellaneous Errors: Accounted for approximately 30% of breaches, but have held steady year-over-year. The vast majority of these errors are misconfigurations, stemming from exposed Cloud-based databases and file storage that were never properly secured.

  • Everything Else: Accounted for 16% of breaches, and were primarily made up of social engineering attacks. Most of these social engineering attacks were delivered by either phishing or pretexting, with malicious actors using “typo-squatted domains of partners” to directly request credentials or data.

Additional attack vectors leveraged against Technology organizations included a rising number of DoS attacks aimed at disrupting the organization’s services and capabilities.

Of these attacks, most were launched by external actors (67%) and not internal actors (34%), with a very small minority of attacks caused by multiple actors (2%) or members of the organization’s partner network (1%).

While Technology organizations were widely attacked, through a variety of means, there is some good news in the data. Technology organizations have a significantly higher patch rate for known vulnerabilities (82%) than the overall landscape of organizations in every industry (44%). However, given the large number of successful breaches caused by stolen credentials, configuration errors, and social engineering attacks, it is clear that malicious actors have found ways to compromise Technology organizations that do not depend on known vulnerabilities.


Why Technology Is a High-Incident Vertical

Nearly all of the attacks launched against Technology organizations last year had financial motivations (88%) with a small minority of attacks performed for espionage (7%) or due to a grudge (2%). 

Malicious actors sought many different types of data through their breaches. The majority (69%) of attacks sought personal information, and a large minority of attacks (41%) sought credentials. But 16% of breaches also targeted internal information at the Technology organization, and 34% sought a variety of “other” information.

Given the large volume of attacks levied against Technology organizations, the wide variety of attacks that evade traditional security controls, and the variety of data that malicious actors consider valuable to steal, it is clear that Technology organizations must extend their security capabilities beyond their existing practices.  

How Technology Organizations Can Protect Themselves

Verizon’s report offers a few suggestions that Technology organizations can follow to improve their defenses: they can implement security awareness and training programs, establish more secure configurations, and perform continuous vulnerability management.

We agree on all of these points, but - given the data provided by Verizon and the threats these data exposed - would suggest a few additional security extensions for Technology organizations:

  • Managed Detection and Response, given the high percentage of attacks they suffer that do not exploit known vulnerabilities and so are not addressed by the Technology vertical’s high patch compliance rates.

  • Cloud Security Monitoring, given that the majority of the data breaches they suffered came from either misconfiguration of their Cloud deployments or successful attacks against the web applications they leverage.

  • User Behavior Monitoring, given the high percentage of data breaches that were caused by users falling for phishing attacks and other forms of social engineering.

If you are interested in learning how to bring these defenses to your Technology organization, reach out to Paladion today.
