Report: Phishing behind 70% of government breaches
Of the nearly 30,000 security incidents analyzed in the 2021 Verizon Data Breach Investigations Report, the public sector was the second-most victimized industry (following entertainment) with 3,236 reported incidents and 885 total breaches.
Most of those attacks came through social engineering campaigns, which accounted for 69% of the public-sector breaches. Attackers hitting government agencies relied almost exclusively on email phishing as the predominant vector, the report said. With unprecedented numbers of employees working remotely, phishing and ransomware attacks overall increased by 11% and 6% respectively.
Most of the threats to public-sector systems were external (83%) and motivated primarily by financial gain (96%) rather than espionage (4%), Verizon said. Attackers were overwhelmingly interested in obtaining credentials, with 80% of incidents attempting to steal logins and passwords that would further the attacker’s presence in the victim’s network and systems.
After phishing, miscellaneous errors placed a distant second as a cause of security incidents in the public-sector vertical. Those errors consisted of misconfigurations and misdelivery of emails and paper documents, according to the report.
This year’s report saw 5,258 breaches from 83 contributors across the globe, a third more breaches analyzed than last year.
Connect with the GCN staff on Twitter @GCNtech.