When I started in the infosec game (last millennium) only a few of the incidents we worked on were driven by criminal intent. Hacktivism (remember that?), and “for the LOLZ” were big drivers for the relatively unsophisticated stuff we had to deal with. The one thing that hasn’t changed is that most incidents start with someone screwing up (reusing passwords/no password, public shares, ANY/ANY/ANY “testing”…)…:
[…] “Criminals are going to go the path of least resistance, where they feel like there’s been less focus from a cybersecurity perspective,” Loveland said. “You’re going to see a higher number of breaches in those areas.”
In retail, nearly all (99%) of incidents were financially motivated, with payment data and personal credentials being the main focus. While in finance, for example, most breaches were caused by web application attacks, driven by external actors using stolen credentials to obtain sensitive data in the cloud.
The attacks by industry vary on the easiest ways information can be gathered in that sector, the report found.
North America mainly saw attacks via stolen credentials, accounting for more than 79% of hacking breaches. In Europe, the Middle East, and Africa, denial of service (DoS) attacks accounted for more than 80% of malware incidents. And in the Asia Pacific, 63% of breaches were motivated by money, according to the report.