Thu | Jun 15, 2023 | 4:30 AM PDT

Verizon has released its 2023 Data Breach Investigations Report (DBIR), the 16th annual publication providing an analysis of real-world data breaches and security incidents.

The report is based on data collected from a wide range of sources, including Verizon's own incident response investigations, contributions from law enforcement agencies, cybersecurity firms, and other organizations.

The purpose of the DBIR is to provide insights into the current state of cybersecurity threats, attack trends, and vulnerabilities. It offers valuable information to organizations and security professionals to help them understand the evolving threat landscape and make informed decisions about their security strategies.

The DBIR typically includes statistics, analysis, and case studies of various types of incidents, such as data breaches, network intrusions, malware infections, phishing attacks, and more. It highlights common attack patterns, industry-specific trends, and the most prevalent attack vectors being used by cybercriminals.

The report often includes recommendations and best practices to mitigate the risks identified in the data. It aims to raise awareness about cybersecurity issues and encourage organizations to adopt proactive measures to protect their data and systems.

The report aims to look at where things went wrong in order to learn and grow from the patterns it tracks. Verizon uses the VERIS framework (Vocabulary for Event Recording and Incident Sharing), a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner. VERIS uses the four A's (actor, action, asset, attribute) to categorize and better describe incidents.

In total, 953,894 incidents and 254,968 breaches have been tracked since the beginning of these reports, and VERIS is to thank for the huge amounts of data Verizon has been able to collect.

So what did they find? Let's take a look at this year's findings.

This year, Verizon analyzed 16,312 security incidents and 5,199 confirmed data breaches. Seventy-four percent of breaches included the human element, which should be expected given the frequency of social engineering, stolen credentials, and privilege misuse.

No surprise, social engineering is mentioned right off the bat. "Social engineering attacks are often very effective and extremely lucrative for cyber criminals," Verizon claims. Business email compromise (BEC) has almost doubled across their dataset, and represents the majority of incidents within the social engineering pattern.

These criminals' methods can be predictable. As the data show, the three primary ways attackers gain access to an organization's information are stolen credentials, exploitation of vulnerabilities, and phishing.

"It really is true as they say, that the only certainties in life are death, taxes and external actors." The frequency of external actors has held a consistent spot in Verizon's data over the past few years.

External actors are threats that originate from outside the organization and its network of partners. Examples include criminal groups, lone hackers, former employees, and government entities.

Ransomware occupied its fair share of space in Verizon's report, ranking at the top of the list of action types present in breaches. Though it may be a frequent flier, ransomware hasn't grown as a share of breaches; its statistics remain similar to those of previous years. Verizon anticipates that these numbers will go down, rather than up, as they believe ransomware has hit its peak.

Something that has certainly stayed static the past few years is asset data. Assets can be manipulated by attackers, and that was the case again this year, with the same exact causes as last year. This year saw fewer servers being affected, but a slight rise in breaches due to user devices, locking them in as the third-highest contributor to breaches in the asset category.

Virtual currency caught Verizon by surprise this year, as there were at least four times as many breaches due to cryptocurrency. These breaches stem from a rise in exploitation of vulnerabilities, stolen credentials, and phishing. Verizon encourages users to be careful with cryptocurrency, as it can be risky to have these types of assets even when there aren't bad actors present.

Confidentiality, availability, and integrity are the triad of information security; they are also the categories for attributes. These attributes help incident responders understand the potential of an incident by describing how the asset was affected (or whether it was affected at all).

One of the more interesting attribute varieties they track every year is confidentiality data varieties (what kinds of data get leaked in a breach). Most confidentiality breaches are due to personal data and credentials being stolen.

This report is filled with in-depth categorization, and Verizon's Incident Classification Patterns are no different. "Our incident patterns are, in a nutshell, a way to cluster similar incidents into an easy-to-remember shorthand." This year, Verizon showcased a detailed breakdown of the ATT&CK techniques and Center for Internet Security (CIS) Critical Security Controls related to certain patterns.

These patterns are important to follow closely. For the last seven years, denial of service (DoS) has shown up at the top of their graphs and has led their incident reports. Denial of service isn't the only classification; other examples include lost and stolen assets, web applications, miscellaneous errors, privilege misuse, social engineering, and system intrusion.

To read the full findings, see the entire report on Verizon's website.
