Ransomware and phishing drive data breach spike

Joseph Brookes
Senior Reporter

Phishing and ransomware attacks spiked in the last year, leading to a growing number of data breaches, according to analysis of more than 29,000 security incidents.

Australian governments and businesses were among 83 organisations to contribute to Verizon’s latest Data Breach Investigations Report, now in its 14th iteration.

The latest report found 5,258 of the incidents analysed, or around 18 per cent, resulted in a confirmed data breach.

The analysis found a human element is present in almost every breach, and most involve users’ credentials. Financial services and health organisations were heavily targeted, in line with incidents reported to Australia’s mandatory notifiable data breach scheme last year.

Phishing was present in 36 per cent of the breaches analysed by Verizon, up from 25 per cent last year. The presence of ransomware in breaches also doubled in the last year, and ransomware is now used in one in ten data breaches, according to the report.


More than 1,000 data breaches were reported to Australia’s Privacy Commissioner last year, as part of a mandatory reporting scheme for large companies and government agencies.

In 2020, the government unveiled a $1.7 billion cybersecurity strategy that focuses on protecting essential infrastructure from cyber-attacks, improving the resilience of businesses and uplifting community awareness of cybersecurity.

However, the policy has been criticised by the Opposition for not addressing ransomware, and a dedicated strategy for the growing threat is yet to be developed in Australia.

The Verizon report breaks down global regions, showing many APAC breaches were caused by financially motivated attackers phishing employees for credentials, and then using those stolen credentials to gain access to mail accounts and web application servers.

Lead author of the Verizon report, Alex Pinto, said sweeping and revolutionary solutions for data breaches aren’t realistic and mitigation must be straightforward.

“The truth is that, whilst organisations should prepare to deal with exceptional circumstances, the foundation of their defences should be built on strong fundamentals – addressing and mitigating the threats most pertinent to them.”

Verizon Business chief executive officer Tami Erwin said the COVID-19 pandemic had a “profound” impact on the security challenges organisations are facing, and cloud technologies are creating new risks.

“As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures,” she said.


1 Comment
  1. Verizon are wrong we have had a solution to stop phishing attacks for more than 11 years.
