Securing the Enterprise

How major security incidents have evolved over the last six years

In Protocol’s data analysis of the changing cyberthreat landscape, attacks using stolen credentials are on the rise, while phishing risks are down.

Hacker in Black Gloves Hacking the System.

Verizon’s Data Breach Investigations Report charts the frequency of specific types of security incidents.

Photo: boonchai wedmakawand/Moment/Getty Images

Phishing is out, and stolen credentials and ransomware are in.

These graphs, made by Protocol using data provided by Verizon’s Data Breach Investigations Report, chart the frequency of specific types of security incidents — phishing, stolen credentials, and ransomware — across major industries since 2016.

Chart: AJ Caughey

The stolen credentials data tells a pretty clear story. Breaches using stolen credentials are on a consistent, industry-agnostic incline. These types of breaches have become much more popular since so many workers left the relative safety of their corporate networks for more penetrable personal home networks.

As Microsoft’s Vasu Jakkal recently told Protocol, “The network was the perimeter in many ways — you went inside the network and that was the first level of defense. Now we live in a different world. Since the pandemic, identity has become that first level of defense. And that's a massive shift. We now live in a boundaryless world.”

Phishing has charted a slightly more varied path, though we can track a steady decline in breaches across all four industries in recent years. The Public Administration sector, which includes local, state, and national government agencies and nonprofits, showed the most variance in this six-year period. Breaches in this sector have typically relied on social engineering, with phishing making up the majority of those breaches alongside misconfiguration and other miscellaneous errors, but 2021 saw a serious decline in this style of breach in favor of attacks involving malware, hacking, and ransomware.

According to our data, this is a multi-industry trend. The frequency of breaches using ransomware surpassed those involving phishing in the Information and Manufacturing industries in 2020 and 2021. This represents a turning point for the once-dormant ransomware, which thrives on network vulnerabilities.

Chart: AJ Caughey

Despite the best attempts of detection tools, ransomware made a mighty comeback in the last two years. In 2021, it was present in a quarter of all breaches, according to Verizon.

In this new cyberthreat landscape, stolen credentials have risen to the top as the greatest security risk facing businesses and the public sector, but malware is still a growing thorn in the side of the security team. To adapt to this new reality and the increased risks that come with working on our home networks, security leaders will need to invest in better employee training and tools like multifactor authentication and zero trust to keep their businesses secure.

After all, limiting stolen-credential breaches also means fewer access points for ransomware to access your network.

More from Securing the Enterprise