Small (Less than 1,000 employees)
Frequency
1,037 incidents, 263 with confirmed data disclosure
Top Patterns
System Intrusion, Miscellaneous Errors, and Basic Web Application Attacks represent 80% of breaches
Threat Actors
External (57%), Internal (44%), Multiple (1%), Partner (0%) (breaches)
Actor Motives
Financial (93%), Espionage (3%), Fun (2%), Convenience (1%), Grudge (1%), Other (1%) (breaches)
Data compromised
Credentials (44%), Personal (39%), Other (34%), Medical (17%) (breaches)
Diving back into SMB breaches
Thank You.
Gracias.
You will soon receive an email with a link to confirm your access. When you click to confirm from your email, your document will be available for download.
If you do not receive an email within 2 hours, please check your spam folder.
Gracias.
You may now close this message and continue to your article.
One size fits all-most
The first thing we noticed while analyzing the data by organizational size this year was that the gap between the two with regard to the number of breaches, has become much less pronounced. Last year, small organizations accounted for less than half the number of breaches that large organizations showed. Unlike most political parties, this year these two are less far apart with 307 breaches in large and 263 breaches in small organizations.
Another interesting finding was that the top patterns have aligned across both org sizes. For the first time since we began to look at this from an organizational size perspective, the two groups are very similar to each other and, at least pattern-wise, this seems like a ‘one size fits all’ situation.
Last year, small organizations were greatly troubled by Web Applications, Everything Else and Miscellaneous Errors. The changes in our patterns account for a good bit of what we see this year in small organizations, since the Everything Else pattern was recalibrated, and the attacks that remain are largely Hacking and Malware, thus fitting into the System Intrusion pattern. In contrast, large organizations saw a fair amount of actual change. The top three last year were Everything Else, Crimeware and Privilege Misuse. The pattern recalibration means that most of the Crimeware type events went into System Intrusion and Basic Web Application Attacks, but Privilege Misuse is not a pattern that saw any substantial degree of change. Therefore, this is an indication that we saw less Internal actors doing naughty things with their employer’s data.
Large (More than 1,000 employees)
Frequency
819 incidents, 307 with confirmed data disclosure
Top Patterns
System Intrusion, Miscellaneous Errors and Basic Web Application Attacks represent 74% of breaches
Threat Actors
External (64%), Internal (36%), Partner (1%), Multiple (1%) (breaches)
Actor Motives
Financial (87%), Fun (7%), Espionage (5%), Convenience (2%), Grudge (2%), Secondary (1%) (breaches)
Data compromised
Credentials (42%), Personal (38%), Other (34%), Internal (17%) (breaches)
Since the patterns have now largely aligned between the two organizational sizes, we can talk a little about what that means for both. First, both are being targeted by financially motivated organized crime actors. This isn’t a news flash to anyone (or shouldn’t be) because professional criminals do tend to be motivated by money. For that matter, we’d wager most amateur criminals are as well (if we were the wagering type, which, of course, we aren’t. As far as you know).
Concerning the common patterns of System Intrusion and Basic Web Application Attacks, those run the gamut of simple to complex attacks, frequently focused on web infrastructure. The Hacking action of Use of stolen creds followed by Malware installation is the playbook these actors prefer to follow. Increasingly, we see ransomware deployed by the actor after access; sometimes after they have taken a copy of the data to incentivize their victims to part with their hard-earned Bitcoin.
When we turn to Discovery timelines, we see a difference between the organizational sizes (Figures 123 and 124 respectively). Last year we reported that smaller organizations seemed to be doing better in terms of discovering breaches more quickly than their larger counterparts. This year’s data shows that large organizations have made a shift to finding breaches within ‘Days or less’ in over half of the cases (55%), while small organizations fared less positively at 47%.
This year’s data shows that large organizations have made a shift to finding breaches within ‘Days or less’ in over half of the cases (55%), while small organizations fared less positively at 47%.
Let's get started.
Choose your country to view contact details.
Call for Sales.
Or we'll call you.
Existing customers, sign in to your business account or explore other support options.