The report analyzed 32,002 security incidents and 3,905 confirmed breaches reported by 81 organizations from a range of industries around the world.
“Every year I am surprised by the number (of financially motivated attacks),” Sowmyanarayan Sampath, president of global enterprise for Verizon Business Group, told CNN Business. “If you look at most of the news that’s out there, you see state actors, espionage, trade secrets, but most of these breaches are people wanting to steal money from you.”
“If you have common passwords for many sites, and one site gets exposed and that information is available on the dark web, (bad actors) will go through and try different sites to see what opens up,” he said.
As use of cloud computing grows, attacks on web applications, such as online email or remote collaboration systems, are another growing way hackers carry out breaches. Web application attacks doubled over the past year to 43%, according to the report.
Protecting company computer networks when so many are working from home requires “a major mindset change,” Sampath said. He added that whereas companies have long thought of enacting cybersecurity measures as building a moat around a castle, when employees aren’t working from a centralized office space, it’s even harder to identify where the “castle” is. Instead, he said, companies should adopt a “zero trust” approach to security.
“Everyone touching your network has to be authenticated,” Sampath said. “Every application, every bit of data that comes in, you verify it … You just have to do a lot more to check, (including) multi-factor authentication, identity management, encryption.”