Arts, Entertainment and Recreation

Please provide the information below to view the online Verizon Data Breach Investigations Report.

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Thank You.

Gracias.

You may now close this message and continue to your article.

  • Resumen

    Web applications attacks led to many breaches in this sector. Denial of Service attacks are higher bits- per -second volume in this industry than in the overall dataset.  Social engineering attacks and errors also figure prominently in this vertical.  


    Frequency

    194 incidents, 98 with confirmed data disclosure


    Top Patterns 

    Web Applications, Miscellaneous Errors and Everything Else represent 68% of data breaches


    Threat Actor

    External (67%), Internal (33%), Partner (1%), Multiple (1%) (breaches)


    Actor Motives

    Financial (94%), Convenience (6%) (breaches)


    Data Compromised 

    Personal (84%) Medical (31%), Other (26%), Payment (25%) (breaches) 


    Top Controls

    Boundary Defense (CSC 12), Secure Configurations (CSC 5, CSC 11), Implement a Security Awareness and Training Program (CSC 17)


  • Wake up in a good mood and start hacking

    While hackers were once described as being “like an artist,” organizations in this industry that have been on the receiving end of some of these artistic endeavors might have a slightly different opinion. Although creativity and novelty are the hallmarks of this industry, the majority of the breaches in this sector may suffer from artistic criticisms such as “derivative” or “this has been done before” given that the top breach patterns are Web Applications, Miscellaneous Errors and  Everything Else (Figure 57). 

  • Figure 57
  • Fraudulent Forgers Fool Frequently.

    Much like how the authenticity of art can be difficult to establish, humans also struggle with determining the legitimacy of electronic communications.  This accounts for the prevelance of the Everything Else pattern, where social engineering takes the wheel. In 2019, a Social action was found in approximately 18% of breaches. But to return to the topic of human nature, accidents and errors such as Misconfigurations and Misdeliveries remain a common issue for this sector. The growth in accidental breaches can been seen in Figure 58, where there has been a converging of Internal and External actors over the last few years.  While this rise could be due to changes in breach reporting, it has remained consistent since 2016.

  • Figure 58
  • Untitled Work II 

    Companies want to be able to maintain their data’s integrity, and cyber criminals know that. This year the top Malware varieties (Figure 59) included functionality such as ‘Capture app data’.  This and the others listed allow bad actors to steal quietly into your systems and siphon your data, while leaving worms to spread across your environment and ransomware to lock away your key data.  These are either introduced on web servers via a vulnerability, or on desktops through the tried and true method of email phishing. 
     

  • Figure 59

  • The DDoS-er

    One very interesting result from our research this year was that this industry experienced the highest rate of DDoS attacks (Figure 60), beating out even the Information sector – our usual winner - by a wide margin. This NAICS code contains the online gambling industry as a member, and they are likely the ones driving this trend. Apparently, DDoSing your business rival is a thing in that realm.  Who knew?

  • Figure 60