Working from home? Your data might be at risk. US report finds massive spike in hacking this year

With most people working from home, due to the Coronavirus pandemic, there has been a surge in cybercrime. The year 2021 saw 5,258 data breaches across the globe, a third more breaches analysed than last year, according to a report on Thursday.

The 14th edition of Data Breach Investigations Report (2021 DBIR) by US-based Verizon Business, analysed 29,207 security incidents from data collected from 83 contributors, with victims spanning 88 countries; 12 industries, and three world regions.

The report showed that with an unprecedented number of people working remotely, phishing and ransomware attacks increased by 11 per cent and 6 per cent respectively, with instances of misrepresentation increasing by 15 times compared to last year.

Additionally, breached data showed that 61 per cent of breaches involved credential data. About 95 per cent of organisations suffering credential stuffing attacks had between 637 and 3.3 billion malicious login attempts through the year.

"The COVID-19 pandemic has had a profound impact on many of the security challenges organisations are currently facing," said Tami Erwin, CEO, Verizon Business, in a statement. "As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures," Erwin added.

Among Financial and insurance industries, 83 per cent of data compromised in breaches was personal data, while in Professional, Scientific and Technical services industries only 49 per cent was personal.

Further, the 2021 DBIR report also revealed many breaches that took place in Asia Pacific regions were caused by financially motivated attackers — phishing employees for credentials, and then using those stolen credentials to gain access to mail accounts and web application servers.

Europe, Middle East and Africa regions saw basic web application attacks, system intrusion, and social engineering, while Northern America was the target of financially motivated cyber criminals searching for money or easily monetisable data. Social engineering, hacking and malware continued to be the favoured tools utilised by cyber criminals in this region.