Web App attacks via vulnerability exploits and the Use of stolen credentials are prevalent in this industry. Errors continue to be a significant factor and are primarily made up of the Misconfiguration of cloud databases. Growth in Denial of Service attacks also remains a problem for the Information sector.
5,741 incidents, 360 with confirmed data disclosure
Web Applications, Miscellaneous Errors and Everything Else represent 88% of data breaches.
External (67%), Internal (34%), Multiple (2%), Partner (1%) (breaches)
Financial (88%), Espionage (7%), Fun (2%), Grudge (2%), Other (1%) (breaches)
Personal (69%), Credentials (41%), Other (34%), Internal (16%) (breaches)
Secure Configurations (CSC 5, CSC 11), Continuous Vulnerability Management (CSC 3), Implement a Security Awareness and Training Program (CSC 17)
Come one, come all!
Welcome to the Information industry portion of the DBIR, and boy are you in for a treat! This section has it all: Web Applications attacks, errors, phishing and even some malware. The main three patterns witnessed in the NAICS 51 sector for 2019 were Web Application with over 40% of breaches, followed by Miscellaneous Errors, and at a distant third, Everything Else (Figure 72).