Verizon's 16th annual data breach investigation report provides the latest, real-world insights into cyber threats. The report, Verizon DBIR 2023, was prepared by compiling, anonymizing, and analyzing data on 16,312 incidents and 5,199 global data breaches, which occurred between November 1, 2021, and October 31, 2022.
Verizon Data Breach Investigations Report 2023 does not simply focus on the overall statistics of threats to data security but rather delves deeper into how and why these incidents occur. As a result of the analysis process, it puts forward observations that will facilitate organizations to comprehend the measures against cyber threats and the possible steps to improve their information technology infrastructures.
And in this post, we will share some takeaways from Verizon's comprehensive report, which are likely to be significant for access security in 2023.
Social engineering attacks will be among the most popular cyber threats in 2023. According to the report, more than 50% of social engineering activities involved a Business Email Compromise (BEC) attack, which means a twofold increase compared to the previous year. As a matter of fact, the average cost of these attacks has risen to $50,000 in the last few years, with a notable increase in the number of BEC attacks.
Phishing is the most common type of social engineering attack, with the highest usage rate second only to the BEC attack. Of all social engineering attacks in the report, 44% were carried out by phishing. The third most preferred social engineering method is stolen credentials. This method, which is usually performed by accessing the data of staff within the organization, finds buyers for high sums of money on the dark web market.
Perhaps the most striking statistic in the Verizon report is about the human element. Indeed, the human element was involved in 74% of the 16,312 incidents and 5,199 global data breaches covered by the report. Such a high rate of human error has as much to do with Privilege Misuse as it does with unintentional behavior that paves the way for social engineering attacks. Employees with privileged access to the organization's network structure misuse these privileges, leading to significant problems for organizations with sensitive data.
On the other hand, the misuse of privileges stands out as an important factor in the presence of internal threats, yet 83% of data breaches are caused by external threats. In addition, seeking financial gain remains the primary motivation in 95% of these breaches. All these reasons are why organizations should benefit from an advanced cybersecurity system that can both prevent misuse of privileges and deter external threats.
According to Verizon DBIR 2023, ransomware attacks are flat year-over-year at 24% but still remain a major threat to organizations of all sizes and industries. That's because 62% of all incidents today involve ransomware, and 59% of those have a financial motive.
94% of ransomware attacks occur through system intrusion. Additionally, ransomware attacks are the most common attack method in 91% of the sectors covered in the report. Such attacks not only pose a threat to critical digital assets and the continuity of an organization's system but can also cause significant financial damage. According to DBIR 2023, the median cost of a ransomware attack was $26,000, marking a more than twofold increase from 2021, when the most recent calculation was made. In addition, the 95% loss range has increased to the upper limit, between $1 million and $2.25 million, which could be unsafe for a small organization.
It is worthwhile to elaborate on the issue of internal threats, which we briefly touched upon in the section on human error, as potential problems posed by internal threats, especially the misuse of privileged access, are likely to be high on the cybersecurity agenda in 2023.
External threats, mostly composed of organized cybercriminals, are responsible for 83% of the data breach incidents covered in the report. The same rate is 19% for internal threats. But two things should be noted here. First, the 19% is not only due to human error. Your employees may misuse their privileged access to obtain financial benefits, thus facilitating the activities of cyber attackers, or they might as well misuse their privileged access to sell sensitive data about digital assets on the dark web.
Privileged Access Management (PAM) offers one of the most functional ways to protect your entire information technology infrastructure end-to-end. First and foremost, PAM provides an encrypted infrastructure that ensures that each privileged session on the system is authenticated. PAM inherently offers the ability to authorize all users on your organization's network at different levels and incorporates a password vault feature to store the passwords of the users to whom privileged access is granted - secluded from the rest of the system. The password vault module of this cybersecurity solution allows you to prevent data breaches stemming from internal threats and detect potential attempts in a short time.
Another major feature of PAM is real-time monitoring and dynamic data masking. PAM monitors each and every activity performed on your organization's network and database in real-time and records all actions of database administrators via its dynamic data masking module. Plus, the dynamic data masking feature masks your organization's sensitive data and hides the real data. This means that even if cyber attackers can access your network, which is more secure thanks to PAM, they will only encounter masked data.
An additional advantage of Privileged Access Management systems lies in the security measures introduced by the privileged session manager and multi-factor authentication. The privileged session manager checks which user performs sessions and actions on the system and who are involved in such sessions. Multi-factor authentication, on the other hand, requests authentications - such as token, OTP, location, and time information - simultaneously from users who request privileged access. Unless the required information is authenticated by the requested period, the system does not allow access to the system.
If you want to protect your organization against cyber threats and get a solution capable of adapting to the latest insights of 2023, you may start using Single Connect, one of the world's leading PAM products. With it’s comprehensive PAM solutions Kron recognized in the reports of Gartner, KuppingerCole, Omdia, and Forrester, which protects your organization against data breaches in the best way with top-level access security.
You can contact us to get more detailed information about Single Connect, which provides excellent security for your entire technical infrastructure.
Elevating Privileged Access Management with Kron PAM and Microsoft Entra ID Integration
May 23, 2024
Enhancing Security with Kron PAM's Multitenancy: A Game-Changer for Large Organizations
Jun 10, 2024