Verizon released its tenth annual breach report this morning, and cyberespionage and ransomware were the big gainers in 2016.
Cyberspionage accounted for 21 percent of cases analyzed, up from 13 percent last year, and was the most common type of attack in the manufacturing, public sector, and education.
In fact, in the manufacturing sector, cyberespionage accounted for 94 percent of all breaches. External actors were responsible for 93 percent of breaches, and, 91 percent of the time, the target was trade secrets.
Meanwhile, the number of ransomware attacks doubled compared to the previous year.
That might be an undercount, however, because of the way the data is collected.
The report is based on forensic investigations of 1,935 breaches and more than 42,000 security incidents from 65 cybersecurity research firms and government agencies -- including the U.S. Secret Service. As a result, it does the best job of covering incidents that companies have to report for compliance reasons, such as payment card and health record breaches, as well as those where the companies breached feel the need to call in outside forensic investigators or law enforcement authorities.
Attacks against consumers or smaller ransomware attacks against enterprise employees might not get reported, and not show up in the statistics.
Plus, if there's no evidence of exfiltration of data, a ransomware attack would be counted as a security incident, not as a breach, said Mark Spitler, senior manager, Verizon security research at New York City, NY-based Verizon.
This year's report showed the alarming prevalence of phishing and credential theft in successful breaches.
Of all successful breaches, 40 percent involved phishing attacks, he said.
That made it the single largest attack vector.
A quarter of breaches were caused by insiders, either deliberately stealing data or accidentally losing laptops or other devices that had sensitive data on them.
Other breaches involved point of sale attacks, physical attacks such as skimming devices, attacks on web applications, and drive-by malware downloads via the browser.
In addition, half of all breaches involved stolen or easily-guessable passwords.
Many of these could have been prevented with basic security hygiene.
"We get upset that we still have so many lost and stolen devices as data breaches," he said. "In 2017, it's not bleeding edge technology to encrypt mobile devices. It would save a lot of headaches if they could encrypt those devices -- they wouldn't have to report it, just have the loss of the cost of the asset."
Similarly, two-factor authentication could have stopped many of the attacks based on using leaked passwords or passwords recorded by keystroke loggers.
"We're not saying that a determined adversary would be completely prevented all the time if we established second factor, but it would certainly disrupt the normal chain, force them to doing something else," he said.