Rublon

Secure Remote Access

By

Last updated on July 21, 2023

Verizon’s 2023 Data Breach Investigation Report (DBIR) is one of the most authoritative and comprehensive sources of information on data breaches and cyber incidents in the world. The report analyzes over 16,000 security incidents and over 5,000 confirmed data breaches across 6 continents and 20 industries. It provides valuable insights into the trends, patterns, and root causes of data breaches, as well as recommendations for improving security and resilience.

In this article, we will summarize the key findings and highlights of the 2023 DBIR, organized into the following categories:

  • Overview
  • Ransomware
  • Data Breaches
  • Human Factor
  • Small Businesses
  • Industries
  • Regions

Then, we will list the main security recommendations from the report. Let’s start!

Data Breach Report 2023 Bulleted Summary

Overview

  • The Verizon 2023 Data Breach Report analyzed 16,312 security incidents and 5,199 confirmed data breaches, representing a 32% decrease in the number of analyzed security incidents and a 0.2% decrease in the number of confirmed data breaches compared to the previous year.
  • Verizon’s 2023 Data Breach Report also uses its incident data collection based on the VERIS Framework. This dataset currently contains 953,894 incidents, of which 254,968 are confirmed breaches.
  • The majority of breaches (83%) involve external actors, with the vast majority (95%) being financially motivated.
  • Threat actors are mostly motivated by financial gains (95%) and perpetrate cybercrimes in organized crime groups (~70%).
  • Almost three-quarters (74%) of all breaches include the human element. People are involved in misusing privileges, using stolen credentials, making errors, and conducting social engineering scams.
  • Attackers access an organization through three main methods: stolen credentials (~50%), phishing (~15%), and exploiting vulnerabilities (~5%).
  • More than 32% of all Log4j scanning activity over the course of the year happened within 30 days of its release.

Ransomware

  • Almost a quarter (24%) of breaches involve ransomware, which maintains its steady position at the top compared to previous years.
  • Ransomware still affects organizations across all industries and sizes.
  • Ransomware recovery costs rise while ransom amounts drop, implying a smaller company size of victims.
  • Median loss of incidents increased to $26,000, and the 95% range of losses widened to $1-$2.25 million, threatening small businesses.
  • 91% of analyzed industries have ransomware as one of their top three attack types.
  • The main initial vectors of gaining entry for ransomware attacks are email (~35%), desktop sharing software (~30%), and web applications (~25%).

Data Breaches

  • The most common breach pattern is system intrusion, followed by web application attacks and social engineering.
  • Denial of Service attacks constitute a whopping number of 6,248 incidents, though only 4 have confirmed data disclosure.
  • Denial of Service attacks experienced a 57% median growth compared to last year, from 1.4 Gbps to 2.2 Gbps
  • System intrusion accounts for 3,966 incidents and 1,944 breaches, representing 24% of all incidents and 37% of all breaches.
  • More than 80% of system intrusion breaches involve ransomware.
  • About 30% of system intrusion breaches affect web applications and about 25% affect desktop sharing software.
  • 86% of all basic web application attacks use stolen credentials for initial access.
  • 50% of organizations experienced over 39 web application attacks this year.
  • Business Email Compromise (BEC) attacks represent more than 50% of all incidents within the social engineering pattern with the median cost at about $50,000. The number of BEC attacks has been doubling each year since 2017, which makes it especially noteworthy.
  • Threat actors mostly attack servers (~85%), people (~25%), and user devices (~20%).
  • Out of the servers category, web applications (~65%) and mail servers (35%) are affected the most often.
  • Breaches involving cryptocurrency skyrocketed this year, quadrupling from last year.
  • Attacks on cryptocurrency wallets mostly use exploited vulnerabilities (~50%) and stolen credentials (~45%) as the entry point for breaches.

Human Factor

  • People still continue making mistakes, such as misdelivery (43%), publishing errors (23%), and misconfiguration (21%), which lead to data breaches and damage to organizations.
  • Error-related breaches decreased to 9% as opposed to 13% last year.
  • Developers (~45%) and system admins (~38%) are responsible for most of the human errors that cause breaches, with a few end-users (16%) also making mistakes.
  • Deliberate privilege misuse accounted for 406 incidents, 288 with confirmed data closure.
  • The motives of these internal threat actors were mostly financial (89%), but also based on a grudge (13%).

Small Businesses

  • Small businesses of less than 1,000 employees experienced 699 incidents, 381 of which with confirmed data disclosure.
  • Small businesses experienced 203 incidents and 154 confirmed data disclosures more than large businesses with more than 1,000 employees.
  • Small, medium-sized, and large organizations have similar attack profiles regardless of their size but differ in their ability to respond to threats due to their resources.
  • Attack motives are primarily financial (98%).
  • 94% of threat actors are external actors.
  • Data compromised chiefly includes credentials (54%) and internal data (37%).
  • Ransomware is responsible for about one out of three breaches in small businesses.

Industries

  • The most affected industry is public administration (582 or 11.2% of breaches), followed by finance (477 or 9.2%) and healthcare (433 or 8.3%).
  • The most incidents (with or without confirmed data disclosure) happened in public administration (3,270 or 20% of incidents), information (2,105 or 12.9% of incidents), and finance (1,829 and 11.2% of incidents)
  • For a full list of affected industries, refer to the following table:
IndustryNumber of breachesPercentage of breachesNumber of total incidentsPercentage of incidents
Public Administration58211.2%3,27020.0%
Finance4779.2%1,82911.2%
Healthcare4338.3%5223.2%
Information3807.3%2,10512.9%
Professional4218.1%1,3968.6%
Education2384.6%4963.0%
Manufacturing2595.0%1,81411.1%
Retail1913.7%4042.5%
Accommodation681.3%2541.6%
Entertainment931.8%4322.6%
Transportation1062.0%3492.1%
Utilities330.6%1170.7%
Wholesale Trade531.0%960.6%
Real Estate591.1%830.5%
Construction661.3%870.5%
Agriculture330.6%660.4%
Administrative320.6%380.2%
Other Services1001.9%1430.9%
Mining130.3%250.2%
Management90.2%90.1%
Unknown1,55329.9%2,77717.0%
  • The key findings from Verizon 2023 Data Breach Report for some of the most important industries are as follows:
    • Public Administration: This sector still has a lot of breaches that are done for spying. It also has a lot of breaches that involve more than one actor. Most breaches (76%) happen when systems are broken into, assets are lost or stolen, or people are tricked.
    • Finance: The most common way to cause breaches in this area is to attack web applications. This, along with the error of sending data to the wrong place, shows that good controls could stop a lot of attacks in this sector. Most breaches (77%) happen due to web application attacks, human errors, or system intrusion.
    • Healthcare: Attackers who use ransomware keep going after this sector and often leak data when they do. Errors (especially sending data to the wrong place) are common too. Most breaches (68%) happen when systems are broken into, web applications are attacked or errors are made.
    • Information: Human errors keep going down like they have for the last few years and are not one of the top three ways to cause breaches anymore. Social engineering is now one of the top three. Denial of Service attacks, which try to make websites or networks stop working, are 70% of incidents in NAICS 51. Most breaches (77%) happen when systems are broken into, web applications are attacked or people are tricked.
    • Professional: The Professional, Scientific and Technical Services industry has the same top ways to cause breaches as before, but this sector has seen more ransomware this year, with incidents happening the same way as last year. Most breaches (90%) happen when systems are broken into, web applications are attacked or people are fooled.
    • Education: Social engineering replaced basic web application attacks as one of the top three main ways to cause breaches in this area. Ransomware is still a big problem for this vertical. Most breaches (76%) happen when someone breaks into systems, makes mistakes, or gets fooled.
    • Manufacturing: Hacking and malware are almost tied for the first two places. Social engineering attacks are still happening, but they are far behind. For incidents, watch out for denial of service attacks that try to make this industry’s infrastructure stop working and mess up their deadlines. Most breaches (83%) happen when systems are broken into, people are tricked or web applications are attacked.
    • Retail: This industry has the same three main ways to cause breaches as many others, but Retail also has to deal with attackers who want its payment card data besides usual threats like ransomware and basic web application attacks. Most breaches (88%) happen when systems are broken into, people are tricked or web applications are attacked.
    • Accommodation: Attackers who want money often target this sector and use RAM scrapers to get payment card data, which is the most common data type they go after. Most breaches (90%) happen when they break into systems, attack web applications or trick people.
    • Mining: About one in three breaches in this area are caused by ransomware. Social engineering, which is going up overall, has gone down in this industry. Most breaches (81%) happen when systems are broken into, web applications are attacked or errors are made.

Regions

  • The Verizon 2023 Data Breach Report examines cybercrime incidents from four regions of the world:
    • APAC: Asia Pacific, including Southern Asia, South-Eastern Asia, Central Asia, Eastern Asia, and Oceania
    • EMEA: Europe, Middle East, and Africa, including Northern Africa, Europe, and Western Asia
    • LAC:  Latin America and the Caribbean, including South America, Central
    • America, and the Caribbean
    • NA: Northern America including the United States and Canada
  • NA (USA and Canada combined) had the highest number of incidents (9,036) and breaches (1,924) among the regions, followed by EMEA with 2,557 incidents and 637 breaches.
  • 70% of All Hacks Happen in USA and Canada
  • APAC had 699 incidents and 164 breaches, while LAC had 535 incidents and 65 breaches, the lowest numbers among the regions.
  • APAC and LAC each accounted for only 4% of incidents and 2% of breaches in the DBIR data set, indicating lower visibility or reporting of cybercrime in these regions.
  • System intrusion, social engineering, and basic web application attacks are the top attack patterns for all regions except APAC, where social engineering is the most common.
  • External actors motivated by financial gain are the dominant threat actors for all regions, accounting for 92% to 98% of breaches.
  • Credentials, internal data, and system data are the most compromised data types for all regions, with some variation in the proportions.

Recommended Security Measures

Throughout the Verizon 2023 Data Breach Report, the reader is given a set of best practices for securing various systems and devices. The most important of those are as follows.

  1. Multi-Factor Authentication (MFA): The report recommends using MFA for all users and applications in a few separate places in the report, emphasizing the importance of this security measure in preventing cyberattacks of all kinds.
  2. Incident response management: Create a program to build and maintain an incident response capability (e.g., policies, plans, procedures, defined roles, training, and communications) to prepare, detect, and respond swiftly to an attack.
  3. Security Awareness and Skills Training: Create and sustain a culture of security awareness among the workforce by influencing the behavior and skills of your employees to lower the cybersecurity risks for your business.
  4. Data Recovery: Implement and maintain data recovery methods that can restore your assets to a trusted and functional state after an incident.
  5. Access Control Management: Use processes and tools to grant, change, manage, and revoke access rights and permissions for user, administrator, and service accounts for enterprise assets and software.
  6. Application Software Security: Manage the security life cycle of software that is developed, hosted, or acquired by your business to prevent, detect, and fix security weaknesses before they can affect the organization.
  7. Penetration Testing: Test the effectiveness and resiliency of your assets by finding and exploiting weaknesses in controls (people, processes, and technology), and simulating the goals of attacks.

Conclusion

The Verizon 2023 Data Breach Report is a valuable resource for anyone interested in data breaches and cyber security. It provides a comprehensive and detailed analysis of the trends, patterns, and root causes of data breaches across different industries and regions. It also provides practical and actionable recommendations for improving security and resilience. By reading and applying the insights and lessons from the 2023 DBIR, organizations and individuals can better protect themselves and their data from cyber threats.