The Verizon 2023 Data Breach Investigations Report (DBIR) provides unparalleled insight into the costs, frequency, and types of data breaches over the past 12 months. But what do the experts make of it? What findings stand out? And what do they mean for the industry?
In early July, Verizon released the latest installment of its much anticipated and highly regarded Data Breach Investigation Report. The report, which is in its 16th year, provides the cybersecurity industry with a detailed, data-driven analysis of the top threats to modern organizations. Unbiased, comprehensive, and international, the experts generally regard the report as the gold standard in data breach research.
We recently summarized the report’s key findings, but now it’s time for the experts to weigh in. Keep reading to find out more.
Critical infrastructure is the lifeblood of any functioning society. As such, we must protect it from cybercrime. To protect the critical infrastructure sector, we must first understand its threats.
The healthcare sector handles some of the most sensitive and valuable data. And, arguably more than any other industry, downtime is not an option; lives are at stake. Unfortunately, cybercriminals know this, meaning the healthcare sector is a favorite target for ransomware gangs.
“Almost a quarter of breaches involved ransomware, impacting multiple industry verticals. Public administration experienced the highest percentage of breaches, but healthcare had the highest percentage of breaches,” said Dr. Thomas Duffey, Director of Cybersecurity and Compliance at ITEGRITI.
Of the healthcare sector’s reported breaches, 68% involved system intrusion, web application attacks, and miscellaneous errors. However, insider threats remain a significant problem for the healthcare sector, accounting for 35% of data breaches, higher than the cross-sector average.
“External threat actors were responsible for the majority of incidents (about 80%), with the remainder stemming from internal threats (both intentional compromises and errors),” Duffey continued.
System intrusion, web app attacks, and errors also caused most (81%) data breaches in the oil & gas, energy, and water sectors. Interestingly, however, social engineering attacks didn’t even make these sectors’ top five data breach patterns, despite being one of the top three breach vectors overall.
According to the Verizon DBIR, 74% of breaches include the human element. This frequency proves that social engineering techniques are highly effective and that people still play a vital role in cybersecurity. However, it’s important to note that the prevalence of the human element in data breaches has fallen by eight percentage points since last year, suggesting that more organizations have implemented security awareness programs and cybercriminals are beginning to favor exploiting technical vulnerabilities.
“Social engineering is one of the top three breach vectors and, in 32% of the incidents, attackers used solicited credentials to access user inboxes. In 56% of the cases, a cybercriminal persuaded someone to change the bank account information for a claimed individual. 86% of these cases involved stolen credentials, which cybercriminals used to access multiple user web accounts with sensitive information,” Duffey noted.
Phishing, while less prevalent than credential compromise and account takeover, continues to be a significant cause of data breaches. Of all the reported phishing incidents, nearly half were Business Email Compromise (BEC) attacks. Instead of fooling a victim into clicking a malicious link or email attachment, BEC attacks attempt to trick individuals into approving invoices, payments, or bank account information changes for financial gain.
Cybercriminals’ increased use of BEC tactics is interesting because it suggests that users are savvier to suspicious links and attachments, forcing attackers to resort to more nuanced techniques.
We’ve already established that cybercriminals exploit technical vulnerabilities more often, but why? We can likely attribute this increase to the infamous Log4J bug, which cybercriminals actively exploited throughout the early part of last year. The DBIR report found that Log4J, or CVE-2021-44228, was involved in 90% of incidents that leveraged vulnerabilities. Also of note is that 2% of all Log4j scanning activity occurred within 30 days of its release.
The 2023 DBIR states that approximately 73% of Log4j cases involved espionage, while 26% came from organized crime. According to Dr. Duffey, these numbers led to discussions regarding the need for application security, particularly a software bill of materials (SBOM) to provide organizations with insight into the software packages and libraries integrated into their applications.
Considering that nearly half (49%) of data breaches reported in the DBIR involve stolen or compromised credentials, implementing strong access controls is the most crucial thing organizations should do to protect themselves from data breaches. For Duffey, Multi-Factor Authentication (MFA) is the way to go.
However, it’s also important to implement other security controls. According to Duffey, organizations must utilize security and awareness training programs, effective incident management, and data recovery and restoration. To go even further, Duffey suggests using penetration testing and attack simulations to help identify weaknesses in people, processes, and technology.
ITEGRITI has deep experience across critical infrastructure cybersecurity programs, compliance, risk, and audit. Contact us today to learn how we can leverage this experience to help you accomplish your cybersecurity goals.
Contact Us: https://itegriti.com/contact/
ITEGRITI Services: https://itegriti.com