Trends in Data Breaches According to the 2023 Verizon Data Breach Investigations Report
Verizon 2023 DBIR: Rising Social Engineering Attacks While Ransomware Plateaus
The Verizon 2023 Data Breach Investigations Report (DBIR) has been published, offering insights into the current threat landscape and trends in data breaches. This year, the report analyzed 16,312 security events in which data integrity, availability, or confidentiality was compromised, and 5,199 data breaches with a confirmed exposure of sensitive information to an unauthorized third party. The report covers incidents that happened from November 1, 2021, to October 31, 2022.
In 2022, the report showed that 82% of breaches involved the human element, down from 85% in 2021. That downward trend has continued, with 74% of breaches in 2022 involving the human element. These include errors by staff members, such as misconfigurations and responses to pretexting attacks, as well as deliberate actions by malicious insiders. In about 49% of all incidents, initial access to victims' systems was gained using stolen credentials. About 12% of breaches involved phishing, while 5% involved the exploitation of vulnerabilities. In 90% of exploit incidents, the Log4j vulnerability was the most commonly reported exploited vulnerability; however, just 20.6% of incidents reported the vulnerability exploited in the attack.
Social Engineering Attacks Continue to Increase
This year's report shows a steady rise in pretexting, a type of social engineering attack in which the victim is manipulated into giving away sensitive data. These attacks usually entail impersonation and include business email compromise (BEC) attacks, which nearly doubled in one year and now account for over 50% of social engineering incidents, overtaking phishing, although phishing is still the most prevalent social engineering method in confirmed data breaches. Losses from BEC attacks keep growing, from about $30,000 in 2018 to about $50,000 in 2022. Email is the initial vector in 98% of social engineering attacks, while the rest involved SMS and instant messaging (smishing) and telephone-based incidents (vishing).
One issue highlighted in the report is insufficient protection against social engineering attacks, particularly for senior leadership accounts. These individuals tend to be targeted because they hold the most important accounts, with considerable access to systems and information, and because senior leadership accounts are usually exempted from regular security settings. Detecting these attacks can be hard, and stopping them requires a mix of measures such as email security controls, multifactor authentication, and end-user training, with stronger protections applied to the most important accounts with the highest levels of privilege.
Ransomware Attacks Stay The Same
Ransomware attacks are still carried out in large numbers; however, the number of attacks has remained steady at about 15.5% of data breaches and 24% of incidents. Ransomware incidents increased slightly from 2022, while ransomware-linked data breaches decreased slightly. Verizon states that organized crime actors used ransomware in 62% of cyberattacks and 59% of financially motivated incidents. The most common attack vectors in ransomware attacks were email, desktop-sharing software, and web applications.
Statistics from the FBI show that 10% of ransomware attacks reported in the 2021 DBIR had monetary losses of $11,500. This year, just 7% of attacks had monetary losses; however, the median loss doubled to $26,000. The maximum loss went from $1.2 million to $2.25 million. The total cost of remediating ransomware attacks continues to rise despite a steady drop in median ransom payments.
Other Reasons for Security Incidents and Data Breaches
Although most attacks involved hacking incidents, insider breaches still happen. The report included 602 insider incidents, 512 of which involved confirmed data exposures. The most common causes of these incidents were:
- misdeliveries – 43% of insider incidents
- misconfigurations – 23% of insider incidents
- publishing errors – 21% of insider incidents
Phishing, social engineering, and ransomware attacks dominate the headlines; however, the most common form of attack is denial-of-service, with 6,248 out of 16,312 security incidents. Although these attacks don't seem to carry costs comparable to data breaches, they can nevertheless cause significant disruption to business operations because they block access to business-critical systems and the Internet.
2,091 incidents involved lost and stolen assets, such as laptops, mobile phones and printed documents, with loss cases making up most of these incidents. These incidents were numerous, but they usually didn't count in the breach data, because the information on lost devices wasn't confirmed as breached, only as being at risk. These incidents have stayed at the same level as last year, making up about 10% of all data breaches.
Reasons for Healthcare Attacks and Data Breaches
Healthcare was represented in 525 cases, and 436 of those cases were confirmed data disclosures. The causes of the healthcare data breaches are the following:
- 164 basic web application attacks
- 153 miscellaneous errors
- 121 system intrusions
- 57 privilege misuse
- 65 social engineering
- 18 lost/stolen assets
As Verizon notes, many healthcare data breach notification letters state that the breach was caused by a highly sophisticated cyberattack; nevertheless, basic web application attacks were the most frequent, and these generally entail brute-forcing weak passwords and simple credential stuffing.
Many of the incidents in healthcare were due to errors by employees. Misdelivery, that is, sending emails or mailing letters to the wrong recipients, is the second biggest cause of data breaches.
Privilege misuse, which includes employee snooping, is decreasing but remains more prevalent than in a number of other industry sectors. Safeguarding against these incidents is hard, so the goal should be to act fast to limit the opportunity for harm, which means monitoring logs for unusual data access patterns and automating that process as far as possible.
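
One way to automate the access-pattern monitoring described above, as an added example that is not from the Verizon report or this article: it scores each user's count of distinct patient records viewed against the median for their role, so a volume that is normal for billing staff still stands out for a nurse. The record fields, user names, roles and thresholds are assumptions constructed for illustration.

```python
import statistics
from collections import defaultdict


def constructed_rows():
    """Constructed sample audit events (user, role, patient_id); not real data."""
    rows = []
    # Four nurses each view a handful of records.
    for user, n in (("nurse_a", 5), ("nurse_b", 6), ("nurse_c", 7), ("nurse_d", 6)):
        rows += [(user, "nurse", f"P{i:03d}") for i in range(n)]
    # One nurse views 40 distinct records in the same period.
    rows += [("nurse_e", "nurse", f"P{i:03d}") for i in range(40)]
    # Billing clerks routinely touch ~40 records, so 40 is normal for that role.
    for user, n in (("clerk_a", 38), ("clerk_b", 42), ("clerk_c", 40)):
        rows += [(user, "billing", f"P{i:03d}") for i in range(n)]
    return rows


def flag_outliers(rows, threshold=3.5, min_peers=3):
    """Return {user: score} for users far above their role's median
    count of distinct patient records viewed."""
    seen, role_of = defaultdict(set), {}
    for user, role, patient in rows:
        seen[user].add(patient)  # repeat views of one record count once
        role_of[user] = role
    by_role = defaultdict(dict)
    for user, patients in seen.items():
        by_role[role_of[user]][user] = len(patients)
    flagged = {}
    for counts in by_role.values():
        if len(counts) < min_peers:
            continue  # too few peers to form a baseline
        med = statistics.median(counts.values())
        mad = statistics.median(abs(c - med) for c in counts.values())
        # 1.4826 * MAD estimates the standard deviation for normal data.
        # If every peer is identical (MAD == 0), fall back to a scale of 1
        # so the score is the raw distance from the median.
        scale = 1.4826 * mad or 1.0
        for user, count in counts.items():
            score = (count - med) / scale
            if score > threshold:
                flagged[user] = round(score, 2)
    return flagged


if __name__ == "__main__":
    print(flag_outliers(constructed_rows()))
```

A flagged user is a lead for review rather than proof of snooping; the score only says the access volume is unusual for that role.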