As we all headed indoors in 2020 to slow the spread of COVID-19, the world relied heavily on digital tools and the internet to keep the wheels turning. While today’s technology proved to be a lifeline for individuals and businesses in the face of the pandemic, it also offered a larger playing field for cybercriminals angling for illicit gains through phishing.
From phishing emails, to human error, to cyber attacks on unsecured networks, there are so many ways a data breach can occur. The knock-on effect of this was a sharp increase in the number of data breach compensation claims in 2020. The question is, has this continued into 2021? We explore this in this article…
2021 Data Breach Statistics
Before we dive into one of the most common types of data breach in 2021, we first need to explore whether data breaches have risen during this year. Of course, the year is not yet out, so we can’t be sure how many we’ll end up with. But the statistics in October already show a huge increase on the previous year.
In fact, where 2020 saw 1,108 publicly reported data breaches, 2021 had already seen 1,291 breaches by October. Although the all-time high was set in 2017, with 1,529, if things keep going the way they are, 2021 could be the biggest year yet.
The Most Common Data Breaches in 2021: Human Error and Phishing
Cybercrime and data breaches pose a considerable threat to businesses, and can result in financial losses and even legal action. They can also cause a huge loss of trust in a business, which is sure to lead to a loss in customers, and damage to the brand that lasts.
Human error is the biggest cause of data breaches, accounting for around 80 to 90 percent of attacks. This human error not only involves documents being left in insecure places, doors being left unlocked, and more; it also involves people falling for phishing emails, texts and calls.
Because of this, phishing remains one of the most common types of cybercrime in 2021 that businesses have to tackle.
Phishing refers to the act of stealing user data, including login and financial information, by tricking somebody into opening an email or message which contains a malicious link. When the link is clicked, it activates a ransomware attack or the transfer of personal or sensitive information.
There are a number of different ways in which phishers hook their victims, so we’ll take a look at the most frequently used methods in 2021:
Subject Lines
Phishers are big fans of using urgent or important-sounding subject lines to reel in their victims. Some examples of this are:
- Gmail: Security Alert – new or unusual login
- Important changes to your healthcare benefits
- Google Pay: Payment sent
- Your Amazon account is suspended: immediate action required
These headlines work on a basis of fear, and can often result in people opening messages which contain phishing nasties.
Attachments
We’ve been told time and time again not to open attachments from people we don’t know. That said, in 2021, a significant number of data breaches occur as a result of people doing just that. Common phishing attachments include:
- Windows executables – 74%
- Script files – 11%
- Office documents – 5%
- Compressed archives – 4%
- PDF documents – 2%
As a rule of thumb, it’s a really bad idea to open an attachment that you’re not expecting or which doesn’t seem relevant to you or your work. The resulting attack can be devastating for your personal or business data.
Brand Impersonation
Most of us have come across these in either our personal or professional lives, and many of these types of attack can be pretty obvious. This makes it all the more baffling to discover that a large number of people are still falling for this kind of phishing.
This method involves sending emails which purport to be from a well-known brand, which is commonly used by a huge number of people. The most common of these are:
- Microsoft – 43%
- DHL – 18%
- LinkedIn – 6%
- Amazon – 5%
The simple advice here is that, if you’re not sure about an attachment, don’t open it!
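The three lures described above (urgent subject lines, risky attachment types and brand impersonation) can also be checked for automatically when mail is triaged. The following Python code is an added example, not part of the original article; the keyword pattern, extension map, brand-to-domain list and both sample messages are constructed assumptions.

```python
import os
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed, illustrative rules; tune them to your own mail flow.
URGENT = re.compile(r"security alert|unusual login|suspended|immediate action"
                    r"|payment sent|important changes", re.I)
RISKY_EXT = {".exe": "Windows executable", ".js": "script file",
             ".vbs": "script file", ".docm": "Office document",
             ".zip": "compressed archive", ".pdf": "PDF document"}
BRAND_DOMAINS = {"microsoft": "microsoft.com", "dhl": "dhl.com",
                 "linkedin": "linkedin.com", "amazon": "amazon.com"}

def triage(raw):
    """Return the phishing indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    findings = ["urgent-subject"] if URGENT.search(subject) else []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, legit in BRAND_DOMAINS.items():
        # Brand named in the display name or subject, but sent from elsewhere.
        named = brand in f"{display} {subject}".lower()
        if named and domain != legit and not domain.endswith("." + legit):
            findings.append(f"brand-mismatch:{brand}")
    for part in msg.walk():  # every MIME part, attachments included
        ext = os.path.splitext((part.get_filename() or "").lower())[1]
        if ext in RISKY_EXT:
            findings.append(f"attachment:{RISKY_EXT[ext]}")
    return findings

# Constructed sample messages (not real mail).
PHISH = """From: "Amazon Support" <billing@amazon-help.example>
Subject: Your Amazon account is suspended: immediate action required
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached form.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.exe"

placeholder
--b1--
"""
BENIGN = 'From: "Amazon" <no-reply@amazon.com>\nSubject: Your order has shipped\n\nThanks!\n'
```

A From header can be forged, so a matching domain is not proof of authenticity; a check like this complements SPF, DKIM and DMARC results rather than replacing them.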
Reeling in the Cybercriminals
In the past 12 months, four in ten businesses reported that they had suffered some form of cybercrime, such as phishing or data breaches. These harmful attacks can cost significant amounts of money in data breach compensation, as well as eroding trust with clients and investors – particularly in the age of GDPR.
As 2022 approaches, businesses need to be training their employees on security best practices as a bare minimum. On top of this, they should be investing in security software to help stop the hackers in their tracks and protect the interests of their business and customers.
Please be advised that this article is for general informational purposes only, and should not be used as a substitute for advice from a trained cyber security professional. Be sure to consult a cyber security professional or the Information Commissioner’s Office (ICO) if you’re seeking advice about protecting your business data. We are not liable for risks or issues associated with using or acting upon the information on this site.