Verizon 2023 Data Breach Investigations Report: frequency and cost of social engineering attacks skyrocket
June 06 2023 - 12:01AM
Verizon Business today released the results of its 16th annual Data
Breach Investigations Report (2023 DBIR), which analyzed 16,312
security incidents and 5,199 breaches. Chief among its findings is
the soaring cost of ransomware – malicious software (malware) that
encrypts an organization’s data and then extorts large sums of
money to restore access.
The median cost per ransomware incident more than doubled over the past
two years to $26,000, with 95% of incidents that experienced a loss
costing between $1 and $2.25 million. This rise in cost coincides
with a dramatic rise in frequency over the past couple of years
when the number of ransomware attacks was greater than the previous
five years combined. That prevalence held steady this year:
Representing almost a quarter of all breaches (24%), ransomware
remains one of the top cyberattack methods.
The human element still makes up the overwhelming majority of
incidents, and is a factor in 74% of total breaches, even as
enterprises continue to safeguard critical infrastructure and
increase training on cybersecurity protocols. One of the most
common ways to exploit human nature is social engineering, which
refers to manipulating an organization's sensitive information
through tactics like phishing, in which a hacker convinces the user
to click on a malicious link or attachment.
“Senior leadership represents a growing cybersecurity threat for
many organizations,” said Chris Novak, Managing Director of
Cybersecurity Consulting at Verizon Business. “Not only do they
possess an organization’s most sensitive information, they are
often among the least protected, as many organizations make
security protocol exceptions for them. With the growth and
increasing sophistication of social engineering, organizations must
enhance the protection of their senior leadership now to avoid
expensive system intrusions.”
Like ransomware, social engineering is a lucrative tactic for
cybercriminals, especially given the rise of those techniques being
used to impersonate enterprise employees for financial gain, an
attack known as Business Email Compromise (BEC). The median amount
stolen in BECs has increased over the last couple of years to
$50,000 USD, based on Internet Crime Complaint Center (IC3) data,
which might have contributed to pretexting nearly doubling this
past year. With the growth of BEC, enterprises with distributed
workforces face a challenge that takes on greater importance:
creating and strictly enforcing human-centric security best
practices.
"Globally, cyber threat actors continue their relentless efforts
to acquire sensitive consumer and business data. The revenue
generated from that information is staggering, and it's not lost on
business leaders, as it is front and center at the board level,"
said Craig Robinson, Research Vice President at IDC. "Verizon's
Data Breach Investigations Report provides deep insights into the
topics that are critical to the cybersecurity industry and has
become a source of truth for the business community."
In addition to the increase in social engineering, other key
findings in the 2023 DBIR include:
- While espionage garners substantial media attention, owing to
the current geopolitical climate, only 3% of threat actors were
motivated by espionage. The other 97% were motivated by financial
gain.
- 32% of yearly Log4j vulnerability scanning occurred in the
first 30 days after its release, demonstrating threat actors’
velocity when escalating from a proof of concept to mass
exploitation.
- External actors leveraged a variety of different techniques to
gain entry to an organization, such as using stolen credentials
(49%), phishing (12%) and exploiting vulnerabilities (5%).
One of the ways that enterprises can help safeguard their
critical infrastructure is through the adoption of and adherence to
industry-leading protocols and practices. Verizon recently became
the first nationwide telecom provider to participate in Mutually
Agreed Norms for Routing Security (MANRS): a global initiative that
provides crucial fixes to reduce the most common routing threats
that can be exploited by attackers. Participation in MANRS
demonstrates Verizon’s commitment to implementing industry-best
fixes for common routing threats and best practices geared toward
helping to prevent cyber incidents for customers on the network.
Verizon Communications Inc. (NYSE, Nasdaq: VZ) was formed on
June 30, 2000 and is one of the world’s leading providers of
technology and communications services. Headquartered in New York
City and with a presence around the world, Verizon generated
revenues of $136.8 billion in 2022. The company offers data, video
and voice services and solutions on its award-winning networks and
platforms, delivering on customers’ demand for mobility, reliable
network connectivity, security and control.
Media contacts:
Carlos Arcila, +1.908-202-0479, Carlos.Arcila@verizon.com
Nilesh Pritam, +65 6248-6599, Nilesh.Pritam@sg.verizon.com
Louisa Rowntree, +44 7771388040, Louisa.Rowntree@uk.verizon.com