Author: Phil Muncaster
Date published: June 24, 2024
Data-driven decision-making can make all the difference to enterprise cybersecurity programs. But once you've resolved to back any strategic decisions with statistics, where do you source that all-important data? This is where the Verizon 2023 Data Breach Investigations Report (DBIR) comes in. It combines data collected from experts at the Verizon Threat Research Advisory Center (VTRAC) along with data from the global DBIR contributors consisting of law enforcement, government agencies, forensic shops, Information Sharing and Analysis Centers (ISACs) and Computer Emergency Response Teams (CERTs) to shed light on the threat landscape and the steps enterprises like yours can take to help mitigate the most serious threats.
The 2023 DBIR examined 16,312 incidents, of which 5,199 were confirmed data breaches. So, what's new in the 2023 DBIR?
The report goes into fairly granular detail across multiple industries, from Accommodation and Food Services to Healthcare, Manufacturing and Professional Services. However, the most noteworthy high-level enterprise cybersecurity trends across all verticals include:
External actors are responsible for 83% of breaches, and monetary gain is the motive in the vast majority (95%) of breaches. This is not surprising, given that organized crime dominates external attacks. Given concerns about the impact of the conflict in Ukraine, it is worth noting there are fewer breaches stemming from nation-states than from malicious and negligent employees.
The main method of entry into victim networks is stolen credentials (49%), followed by phishing (12%) and exploitation of vulnerabilities (5%). The first two illustrate the continued risk posed by the human part of the cybersecurity chain.
As per the above, humans play a significant role in breaches—accounting for 74% of all breaches. This could be due to the use of stolen credentials, social engineering techniques in which users are tricked into sharing information such as logins, or unapproved use of legitimate privileges. Or it could be simple user error, such as misconfiguration or misdelivery of sensitive information.
Social engineering is now as much about pretexting as phishing. While there are more recorded cases of pretexting in incidents, phishing is still present more often in breaches. That's because business email compromise attempts are often designed simply to trick victims into sending money to the attacker, rather than stealing data. The number of pretexting cases has almost doubled across all incidents since the 2022 DBIR, and the median amount stolen from these attacks increased to $50,000.
Ransomware is present in about one in four (24%) breaches. While the figure is virtually unchanged from 2022, the threat is ubiquitous among organizations of all sizes and in all sectors. And median costs resulting from these attacks more than doubled to $26,000, according to the FBI Internet Crime Complaint Center.
The above cybersecurity trends provide plenty of useful insight into where threats are most concentrated. But how should you proceed from there? Here are some tips, based on the three main incident classification patterns with confirmed data disclosure:
Securely configure enterprise assets and software, deploy email and browser protection, and maintain anti-malware tools. Run continuous vulnerability management along with training and awareness programs, and back these with access control, account management and data recovery processes.
Protect accounts with strict access controls and account management, and focus on phishing and pretexting awareness in training programs. Prioritize incident response management for rapid detection and response.
Help mitigate the risk from stolen credentials by protecting accounts, including by use of multi-factor authentication (MFA). Run continuous vulnerability management to help mitigate the exploitation of software flaws.
Fortunately, Verizon’s consulting services and robust portfolio of security products can help enhance your organization's security posture. Consider the following offerings:
Verizon’s Cyber Risk Program is a customizable, continuous, objective, risk assessment program designed to analyze customers’ cyber risk controls. It identifies risks threatening your organization, assets and brand reputation.
SASE Management provides change management, incident management and health monitoring on specific cloud security service instances. A service instance for SASE Management is the unique cloud security tenant that is managed by Verizon. Integrated support can be provided across the customer’s cloud security instances and Verizon-managed Software Defined WAN (SD WAN) which are connected to their cloud security instances.
Rapid Response Retainer can augment your security personnel to help quickly contain incidents and breaches. The service helps enable you to proactively manage the risk of being attacked. Social engineering attacks, in particular, require a rapid response to help contain the threat with minimal impact on your organization.
Managed Detection and Response (MDR) is designed to help minimize cyber risk by expanding your capabilities and bandwidth to prioritize, investigate and respond to incidents. Outsourcing the detection of sophisticated system intrusion events to Verizon's expert team allows your internal IT team to focus on other strategic tasks.
Learn more in the latest DBIR and contact Verizon to find out how you can improve your cybersecurity posture.
The author of this content is a paid contributor for Verizon.