| | |
|---|---|
| Frequency | 2,337 incidents, 338 with confirmed data disclosure |
| Top patterns | System Intrusion, Basic Web Application Attacks, and Social Engineering represent 88% of breaches |
| Threat actors | External (96%), Internal (4%) (breaches) |
| Actor motives | Financial (88%), Espionage (11%), Grudge (1%), Secondary (1%) (breaches) |
| Data compromised | Personal (58%), Credentials (40%), Other (36%), Internal (14%) (breaches) |
| Top IG1 protective controls | Security Awareness and Skills Training (CSC 14), Access Control Management (CSC 6), Secure Configuration of Enterprise Assets and Software (CSC 4) |
| What is the same? | This industry continues to be targeted by financially motivated actors as well as actors committing espionage. |
| Summary | The Mining and Utilities industry faces similar types of attacks as other industries, such as those targeting credentials and leveraging Ransomware, but in addition has a high rate of social engineering attacks like Phishing. |
Mining, Quarrying, and Oil & Gas Extraction + Utilities
NAICS 21+22
- 2022 DBIR
| Patterns | 5-Year difference | 3-Year difference |
|---|---|---|
| Basic Web Application Attacks | No change | No change |
| Social Engineering | No change | No change |
| System Intrusion | No change | No change |
| Pattern | Difference with peers |
|---|---|
| Social Engineering | Greater |
| System Intrusion | Less |
| Basic Web Application Attacks | Less |
Mining, Quarrying, and Oil & Gas Extraction + Utilities (or MQOGEU as we like to say) simply rolls off the tongue. It is an interesting “combined” industry that has had a high number of engineers. This is perhaps fitting as it seems to be under barrage from the other form of “engineers” – the Social Engineers. This industry has had a higher rate of Social Engineering breaches than its peers.
And it shows, as more than 60% of all breaches are Phishing (Figure d930713), followed by stolen credentials (potentially gathered by Phishing) and Ransomware (potentially tangential to Phishing). Given the key importance of this industry to our everyday well-being, we certainly hope that those credentials aren’t the only thing keeping our utilities and mining operations safe, especially since that’s one of the most commonly breached data types.
Considering the high prevalence of Phishing and credential attacks, it’s not too surprising to have Email servers as this industry’s most commonly breached asset, followed by Web applications and Desktops. Even though the infrastructure that runs these complex systems isn’t traditional IT infrastructure, the company can still be exposed to the very same threats as any other organization.