2023 DBIR Overview

For over 15 years DBIR helps to stay ahead of emerging cyber threats. Learn the 2023 DBIR key takeaways and leverage the findings to strengthen your cybersecurity posture.

For over fifteen years the Verizon Data Breach Incident Report (DBIR) has been one of the most reputable cyber security reports. The main advantage is its neutral approach, global data set, and the way in which the report analyzes risk encompassing cyber threats and factors such as physical vulnerabilities and human error.

The 2023 DBIR is a concentrated worldwide statistic on data breaches between November 1, 2021, and October 31, 2022. The Report intrigues from a very glance. Its catchy cover visually depicts the increasing number of breaches over the years in Verizon’s dataset highlighting the growing trend since the release of their initial report.

The 2023 DBIR’s content is also impressive. The key 2023 DBIR takeaways include:

• 74% of all breaches included the human element, with people being involved either via error, privilege misuse, stolen credentials, or social engineering.
• Financial motivations remain the primary driving force, accounting for 95% of all data incidents examined.
• External actors are responsible for 83% of breaches.
• Stolen credentials, phishing, and exploited vulnerabilities were the primary ways through which attackers gain access to organizations.
• Social engineering attacks have become increasingly prevalent with Business Email Compromise (BEC) now constituting over 50% of incidents within the category.
• Ransomware remains a prominent threat type in breaches, with a steady presence at 24%.

Let’s analyze the recently available data incident statistics and leverage the findings to strengthen your cybersecurity posture.

Financial motives are the main drivers of data breaches

According to the 2023 DBIR, financial motives remain the driving force behind the majority of data breaches, accounting for 94.6% of all breaches (Figure 12 of the Report). When examining the actors, organized crime emerges as the most active predator accounting for over 70% of the breaches (Figure 13). The main targets of threat actors are Protected Health Information (PHI), Personally Identifiable Information (PII), payment information, and any other sensitive personal data that can be used for identity theft or fraud. Sensitive business information such as product plans or recent developments is hunted to be sold to competitors.

Human errors caused by technical roles

Human error accounted for roughly 10% of all breaches in 2023 DBIR (Figure 26). What stands out is that the majority of these errors were not caused by regular employees, but rather by technical roles such as IT administrators and developers. These individuals often work in complex technical environments, including cloud systems, which increases the likelihood of making mistakes. Moreover, when they make an error, the consequences are often more significant since they handle highly sensitive data.

Insider threats surpass state-sponsored attackers

83% of breaches involved external actors (Figure 11) while internal actors accounted for 19% of breaches. However, the DBIR team of specialists turns attention to another fact – insider threats (those posed by employees) occurred more frequently than external threats from state-sponsored attackers.

This observation is important because it does not meet the expectations, that state-sponsored attacks, particularly those related to espionage, will be on the rise amid the ongoing Russian aggression against Ukraine. Despite an increase in ideology-driven or hacktivism-related attacks, such incidents have not significantly impacted the overall statistics.

 Ransomware continues to be a concerning factor

Ransomware accounted for 24% of cybersecurity incidents analyzed by Verizon (Figure 8). Verizon highlights an interesting trend in the data. While the ransom amounts demanded by threat actors may be lower for smaller companies, the overall costs associated with recovering from ransomware incidents are increasing. This observation suggests that the size of ransomware victims is potentially decreasing. On the other hand, smaller companies, despite facing lower ransom demands, encounter more significant financial impacts in recovering from incidents.

Phishing remains a major cause of breaches

What is interesting in this year’s DBIR is that nearly 50% of successful phishing incidents involved BEC (Business Email Compromise) or CEO fraud (Figure 5). These types of email attacks don’t contain malicious links or infected attachments. Instead, they often have a financial motive and aim to deceive people into approving fraudulent invoices, payments, or changes to bank account details. Their main goal is to steal money.

While ransomware incidents often make headlines because organizations are required to disclose them publicly, BEC/CEO fraud incidents rarely receive media attention since such a requirement doesn’t exist for financial theft cases. When data is breached, disclosure is mandatory, but when money is stolen, there’s no obligation to go public.

Small and medium businesses are overrepresented

One may assume that large enterprises have more data and are therefore subject to more attacks. The 2023 DBIR finds the opposite. Organizations with fewer than 1,000 employees experienced over two-thirds more breaches than large companies (381 vs. 227). This likely is due to mid-sized organizations being perceived as softer targets with fewer security resources. Small and medium businesses have limited resources for implementing security controls.

There were the main insights from the 2023 DBIR. We hope this knowledge would equip your business with valuable cybersecurity practices and safeguard your data. To stay updated on recent cybersecurity and compliance-related topics, keep reading our blog. Feel free to contact the Planet 9 team for help with your security and compliance challenges. We’ll be happy to assist!

Website: https://planet9security.com

Email:  info@planet9security.com

Phone:  888-437-3646