Financial and Insurance

The Misuse action was among the top three causes of breaches for this vertical in last year’s report, but it dropped from 21.7% in the 2019 report to only 8% this year. While this pattern saw a decline in our overall dataset, we are not of the opinion that all employees have suddenly become virtuous with regard to abusing their access. It is more likely that this is simply reflective of a change in contributor visibility rather than a sign of extreme moral rectitude in the workforce.

We switch our focus from malicious actions to those that were unintentional in Figure 67. The most common Error was Misdelivery, which is pretty much exactly what it sounds like: sending information to the wrong person. This can be with electronic data, such as an email sent to the incorrect recipient by an autofill in the “To:” field. Or it can be paper documents, such as a mass mailing that is incorrectly addressed. Both can result in a large breach, depending on what file(s) were attached to the email, or how large the mass mailing was.

The second most common Error is one that has been experiencing a surge in popularity—the Misconfiguration. This occurs when someone (often a system administrator) fails to secure a cloud storage bucket or misconfigures firewall settings. In the case of both Misdelivery and Misconfiguration, the motivation was overwhelmingly carelessness. Good security practices? Ain’t nobody got time for that.

The wallflowers of the breach world

Like the shy creatures that line the walls of the middle school dance, those attacks that are shy in providing sufficient detail end up in the Everything Else pattern. Here languish the average, yet successful phishing attacks, and the increasingly common business email compromise in its various forms. Among its many incarnations is the phishing email masquerading as coming from someone in the executive level of the company asking for something of monetary value.
 

Keep on playing those mind games together

We also see invented scenarios (Pretexting) manufactured in order to plausibly convince the target to transfer money to the attacker’s bank account. Figures 68 and 69 illustrate the popularity of these common social attacks. One key takeaway is that the weakest link in many organizations is their staff. Is it likely that the average user (who was targeted based on their access to data) will challenge a request that appears to be coming from someone who has the authority to fire them? Our data indicates that signs point to no.

The majority of attacks in this sector are perpetrated by external actors who are financially motivated to access easily monetized data stored by the victim organizations. While there remains a small amount of Cyber-Espionage by nation-state actors in this industry, most attacks are perpetrated by someone who is all about the shekels.