Each year the Verizon Data Breach Investigations Report presents a snapshot of global cybersecurity. After the recent release of the 2023 report, our team sat down to examine the findings and compare them with our analysis and observations from the field.
In this post, we explore the key takeaways from this year’s iteration of the Verizon Data Breach Investigations Report.
1. Incident response is more important than ever
According to the Verizon report, end users posed a greater threat to companies than nation-state or state-sponsored threat actors. That’s not surprising considering that 74% of data breaches involved the human element, a slight decrease from 2022 but still a clear vulnerability that organizations must address.
Hackers continue to target the human aspect of cybersecurity, which has long been regarded as the industry’s greatest weakness. When threats reach end users, organizations must rely on the security controls of user awareness and reporting, as well as admin monitoring and remediation.
These controls vary significantly across cybersecurity solutions, which tend to neglect them in favor of detection capabilities and measures independent from human intervention. Still, human intervention is an unavoidable and necessary aspect of cybersecurity that should be fully embraced.
2. Financial motivations drive most cyberattacks
The report finds that financial motivations drive nearly 95% of cyberattacks. Verizon reports a fourfold increase in cryptocurrency fraud, compared to the previous period. It also includes social engineering attacks, which resulted in median losses of $50,000 across victims, an increase from the year before.
This echoes data from the IC3’s 2022 Internet Crime Report, which found that investment scams were the costliest cyberthreat, resulting in $3.31 billion in losses in 2022. According to the IC3, cryptocurrency fraud represented the largest share of this total, imposing a price tag of $2.57 billion, a 187% year-over-year increase. This increases the need for organizations to step up their cybersecurity, especially when it comes to user awareness and reporting.
Vade has detected a several cryptocurrency phishing schemes this year. A recent example leveraged Google Translate to disguise a phishing link with a high-authority domain. These sophisticated attacks are abusing legitimate services to bypass detection from email security filters, making them more likely to reach end users and more effective when they do.
[Related Content] Why Users to Should Report Suspicious Emails, and How to Manage Them When They Do
3. Social engineering remains a top threat—before and after a breach
The report also finds that social engineering is a top threat for victims. Overall, this form of cyberattack increased in 2022, accounting for 17% and 10% of all data breaches and security incidents, respectively.
Overall, email was the primary attack vector for social engineering schemes at 98%. Nearly nine in 10 social engineering attacks were financially motivated, with credentials the most common type of data compromised (76% of attacks).
The report attributes the increase in social engineering largely to pretexting—the most common form of social engineering used in business email compromise (BEC) attacks—and phishing. Phishing represented 44% of all social engineering attacks behind pretexting but earned the top spot as the leading cause of confirmed data breaches.
Social engineering continues to be a key attack method considering its effectiveness in manipulating the human element in cybersecurity. While the report finds that system intrusion was the top cause of data breaches, social engineering was a contributing factor, and it often followed an initial breach. Once hackers gain access to a network, they commonly use phishing and spear phishing to laterally move and escalate privileges.
This again highlights the need for and importance of fortifying the human element of cybersecurity.
4. Malware and ransomware continue to haunt victims
While social engineering attacks are a top threat, so is malware and specifically ransomware. The report finds that ransomware attacks caused the second most security incidents at 15.5%, while it forced nearly a quarter of all data breaches. And like in past years, email was the top delivery method for malware and ransomware. Notably, this year’s report also identified the top malware file type: Microsoft Office documents.
This isn’t surprising, considering that Microsoft is the most impersonated corporate brand among hackers. Microsoft 365 is also a top target for attacks and a platform frequently exploited by cybercriminals.
Overall, the report also finds that the cost of ransomware incidents is increasing, while the size of ransomware victims is decreasing. It highlights that SMBs are at greater risk for ransomware attacks, which transitions to our next major takeaway from the report.
[Related Content]: Malware Analysis: Tips, Tools, and Techniques
5. SMBs are at risk
In this year’s report, SMBs experienced 42% and 69% more security incidents and data breaches than large enterprises, respectively. Email caused nearly one in four of these data breaches.
As the report notes, SMBs have adopted many of the same digital tools and infrastructure as large enterprises, creating similarities between their attack surfaces. Still, this trend hasn’t resolved discrepancies in cybersecurity. SMBs lack the same resources and personnel as their large counterparts. This leaves them at risk and calls for a more intentional defense strategy that maximizes available resources.
Given the most common threats facing SMBs (including system intrusion and social engineering), the report highlights user awareness training, data recovery, access control management, and incident response as necessary security controls. This enables SMBs to maximize their security posture given the resources at their disposal.
Top takeaways from the Verizon Data Breach Investigations Report 2023
As the Verizon Data Breach Investigations Report reveals, the threat landscape is becoming more active and malicious. To protect their viability and continuity, organizations need to fortify their cybersecurity both from a technological and human perspective.
Vade for M365 is a collaborative email security solution for Microsoft 365 that strengthens both variables. The solution provides a combination of robust incident response tools, advanced threat detection, phishing awareness training, and a continuous improvement loop.
