Professional, Scientific and Technical Services
NAICS 54

Resumen

The combination of the System Intrusion and Social Engineering patterns account for the majority of cases in this sector. The Use of stolen credentials is widespread, and employees have a definite tendency to fall for Social tactics.

Frequency

1,892 Incidents, 630 with confirmed data disclosure

Top Patterns

System Intrusion, Social Engineering and Basic Web Application Attacks represent 81% of breaches

Threat Actors

External (73%), Internal (26%) (breaches)

Actor Motives

Financial (97%), Espionage (2%), Grudge (1%) (breaches)

Data compromised

Credentials (63%), Personal (49%), Other (21%), Bank (9%) (breaches)

Top IG1 Protective Controls

Security Awareness and Skills Training (14), Access Control Management (6), Secure Configuration of Enterprise Assets and Software (4)

If Professional Services is your sector, you know that it is at best an eclectic NAICS code, with members that have wildly different footprints in terms of attack surfaces. One thing they seem to have in common is their reliance on internet connected infrastructure, and the risk inherent in that architecture. The System Intrusion and Social Engineering patterns competing the top slots illustrates not only the vulnerability of that infrastructure, but also of the employees of these organizations (Figure 113). 

The actors behind the System Intrusion pattern have some powerful tools at their disposal to gain access to their targets. Some of these cases began with the Use of stolen credentials or Exploiting a vulnerability, and ended with Malware being dropped on their victims. Frequently that malware was Ransomware, leading to extortion demands and downtime. The overall rise of Ransomware is something we’ve talked about in prior DBIRs, and the trend shows no signs of slowing. The growing tactic of the adversaries taking a copy of the data as a prod to help encourage their victims to pay up (which we saw begin just after the data collection period had ended for last year’s report) has become increasingly popular as well. Thus we see a rise of Ransomware cases where there is also a confirmed data breach, as these actors post copies of their victim’s data on the internet.

Combine this with the Social Engineering pattern, and you have to worry about not only your infrastructure, but your people’s ability to withstand Social tactics as well. Phishing was the leading Social action, but we also saw a good representation of Pretexting via email (Figure 114).