The Verizon Data Breach Investigations Report (DBIR) is a comprehensive report that provides data-driven insights into the latest cybersecurity breaches and incidents. The report provides an in-depth analysis of attacks and breaches from the past year, identifies incident patterns, and explores targeted industries. Published annually since 2008, the DBIR is a valuable resource for security professionals and organizations, who can use it to improve their cybersecurity postures and strategies, as well as their overarching cybersecurity knowledge.
For the Verizon 2023 DBIR, Verizon analyzed 953,894 incidents, of which 254,968 were confirmed breaches. The analysis was based on data from more than 80 organizations. Since this comprehensive report is nearly 90 pages long, you might not have time to read the entire thing (though we recommend you do, since it’s not only packed with interesting data, it’s also written in a witty and amusing way). To help, we’ve compiled the top five insights from the report, which you can use when prioritizing your security efforts.
1. Credentials: Still the Leading Security Weakness
Stolen credentials are still the number one way attackers access organizations. They enabled approximately 50% of the 4,291 breaches Verizon analyzed. In addition, approximately 15% were enabled through phishing and 5% through exploitation of vulnerabilities.
Interestingly enough, these percentages are the same as last year’s, meaning that organizations still haven’t found a way to protect against these attack vectors.
2. Pretexting Attacks Nearly Doubled
Pretexting is a type of social engineering attack in which the attacker creates a false scenario, i.e., a pretext, in order to gain the victim’s trust and trick them into revealing sensitive information. The attacker may pose as a legitimate person or organization, such as a government official, a bank employee, or a tech support representative. They may also use fake email addresses, phone numbers, or websites to make their pretext seem more believable.
Per Verizon, “Social Engineering attacks are often very effective and extremely lucrative for cybercriminals. Perhaps this is why Business Email Compromise (BEC) attacks (which are in essence pretexting attacks) have almost doubled across our entire incident dataset.” More than 50% of Social Engineering incidents are pretexting incidents.
3. 74% of Breaches Include the Human Element
Humans are wired for trust and collaboration, which are the exact traits attackers are exploiting. 74% of all breaches include the human element, which includes “people being involved either via Error, Privilege Misuse, Use of stolen credentials or Social Engineering.”
4. 1 in 5 Breaches Involved Internal Actors
Internal actors were responsible for 19% of breaches. Per Verizon, “It is worth reminding our readers that Internal actors are not only responsible for intentional harm in these cases, but they are also just as likely to be responsible for Error actions.” Verizon adds in a footnote that they are twice as likely to be responsible for Error actions. This is a good reminder that organizations also need security controls that keep their employees from accidentally enabling a data breach.
5. It’s All About the Money
Nation-state sponsored attacks are a popular and fascinating discussion topic, especially during times of geopolitical turbulence, like the Russia-Ukraine war. However, most attacks are financially motivated: “the primary motivation for attacks continues to be overwhelmingly financially driven, at 95% of breaches.” This means that only 5% are not.
Industry Highlights
- Credentials were compromised across all industries. For example, in the financial and insurance industry, 38% of compromised data was credentials.
- Social engineering is a prominent attack method across a number of industries: accommodation and food services, educational services, information, manufacturing, professional, scientific and technical services, public administration and retail.
- In the financial and insurance industry, more than one third, 34%, of attacks were caused by internal actors making mistakes.
- The percentage is even slightly higher in the healthcare industry, with 35% of attacks being caused by internal actors.
How to Protect Your Organization From Credentials-Related Threats
Since credentials are a primary facilitator of unauthorized access to organizations, it is crucial to ensure that you follow secure permissions management practices. This includes:
- Implementing the principle of least privilege, i.e., assigning permissions on a need-to-know basis, granting access only to relevant individuals.
- Ensuring permissions are given only for the time needed (Just-In-Time Access), using a PAM platform.
- Regularly reviewing and auditing user permissions to remove unnecessary access.
- Monitoring and logging user activities to detect and respond to suspicious behavior.
- Conducting security awareness training to educate employees on best practices for managing and protecting credentials.