Stay informed: Enterprise cybersecurity trends from the 2023 DBIR

Author: Phil Muncaster

Date published: June 24, 2024

Data-driven decision-making can make all the difference to enterprise cybersecurity programs. But once you've resolved to back any strategic decisions with statistics, where do you source that all-important data? This is where the Verizon 2023 Data Breach Investigations Report (DBIR) comes in. It combines data collected from experts at the Verizon Threat Research Advisory Center (VTRAC) along with data from the global DBIR contributors consisting of law enforcement, government agencies, forensic shops, Information Sharing and Analysis Centers (ISACs) and Computer Emergency Response Teams (CERTs) to shed light on the threat landscape and the steps enterprises like yours can take to help mitigate the most serious threats.

The 2023 DBIR examined 16,312 incidents, of which 5,199 were confirmed data breaches. So, what's new in the 2023 DBIR?


What are the main cybersecurity threats to businesses?

The report goes into fairly granular detail across multiple industries—from the Accommodation and Food Services to Healthcare and Manufacturing sectors to Professional Services. However, the most noteworthy high-level enterprise cybersecurity trends across all verticals include:


Financially motivated, externally sourced attacks are most common 

External actors are responsible for 83% of breaches, while monetary gain accounts for the vast majority (95%) of breaches. This is not surprising, given that organized crime dominates external attacks. Given concerns about the impact of the conflict in Ukraine, it is worth noting there are fewer breaches stemming from nation-states than from malicious and negligent employees.


Stolen credentials are the top access vector 

The main method of entry into victim networks is stolen credentials (49%), followed by phishing (12%) and exploitation of vulnerabilities (5%). The first two illustrate the continued risk posed by the human part of the cybersecurity chain.


The human element looms large 

As per the above, humans play a significant role in breaches—accounting for 74% of all breaches. This could be due to the use of stolen credentials, social engineering techniques in which users are tricked into sharing information such as logins, or unapproved use of legitimate privileges. Or it could be simple user error, such as misconfiguration or misdelivery of sensitive information.


Business email compromise (BEC) doubles in size 

Social engineering is now as much about pretexting as phishing. While there are more recorded cases of the former in incidents, phishing is still present more often in breaches. That's because business email compromise attempts are often designed simply to trick victims into sending money to the attacker, rather than stealing data. As well as the number of pretexting cases almost doubling across all incidents since the 2022 DBIR, the median amount stolen from these attacks increased to $50,000.


Ransomware remains a major threat as costs surge 

Ransomware is present in about one in four (24%) breaches. While the figure is virtually unchanged from 2022, the threat is ubiquitous among organizations of all sizes and in all sectors. And median costs resulting from these attacks more than doubled to $26,000, according to the FBI Internet Crime Complaint Center.


Turning enterprise cybersecurity trends into actionable insight

The above cybersecurity trends provide plenty of useful insight into where threats are most concentrated. But how should you proceed from there? Here are some tips, based on the three main incident classification patterns with confirmed data disclosure:


System Intrusion (including ransomware)

Securely configure enterprise assets and software, deploy email and browser protection, and maintain anti-malware tools. Run continuous vulnerability management and training and awareness programs, alongside access control and account management, and data recovery processes.


Social Engineering 

Protect accounts with strict access controls and account management, and focus on phishing and pretexting awareness in training programs. Prioritize incident response management for rapid detection and response.


Basic Web Application Attacks

Help mitigate the risk from stolen credentials by protecting accounts, including by use of multi-factor authentication (MFA). Run continuous vulnerability management to help mitigate the exploitation of software flaws.


How Verizon can help you in your pursuit for protection

Fortunately, Verizon’s consulting services and robust portfolio of security products can help enhance your organization's security posture. Consider the following offerings:

Verizon’s Cyber Risk Program is a customizable, continuous, objective, risk assessment program designed to analyze customers’ cyber risk controls. It identifies risks threatening your organization, assets and brand reputation.

SASE Management provides change management, incident management and health monitoring on specific cloud security service instances. A service instance for SASE Management is the unique cloud security tenant that is managed by Verizon. Integrated support can be provided across the customer’s cloud security instances and Verizon-managed Software Defined WAN (SD WAN) which are connected to their cloud security instances.

Rapid Response Retainer can augment your security personnel to help quickly contain incidents and breaches. The service helps enable you to proactively manage the risk of being attacked. Social engineering attacks, in particular, require a rapid response to help contain the threat with minimal impact on your organization.

Managed Detection and Response (MDR) is designed to help minimize cyber risk by expanding your capabilities and bandwidth to prioritize, investigate and respond to incidents. Outsourcing the detection of sophisticated system intrusion events to Verizon's expert team allows your internal IT team to focus on other strategic tasks.

Learn more in the latest DBIR and contact Verizon to find out how you can improve your cybersecurity posture.

The author of this content is a paid contributor for Verizon.


Call Sales

Chat with us
Start live chat


Have us contact you
Request a call