Last updated: January 19, 2024
Verizon's 2023 Data Breach Investigations Report (DBIR) has once again provided vital insight into the state of cybersecurity, including new phishing capabilities and the rising cost of ransomware attacks. The DBIR is one of the cybersecurity industry's most anticipated reports because it analyzes data from real-world incidents, allowing all business owners to gauge what's really going on.
Ransomware, social-related attacks, and email scams are among the most common data breaches described in the report, costing some individuals and organizations up to $2.25 million in the past year. Here's an overview of the DBIR's most significant highlights, concerns, and impacts on the cybersecurity industry.
1. Ransomware costs have increased
Ransomware has been one of the most significant cybersecurity concerns facing businesses since 2005. According to the DBIR, ransomware comprised 24% of action-type breaches and 15.5% of action-type incidents in the past year.
Side note: Action-type breaches refer to cybersecurity attacks that feature exploitive "actions" or strategies, such as pretexting and ransomware. While the percentage of these breaches didn't increase much, the cost has doubled since 2021.
Ransomware is present in about 60% of all incidents committed by organized cybercriminals and incidents with financial motivation. This type of malware has heavily contributed to data obscuration, or the inability to access your files and information, comprising over 75% of availability impacts since 2021.
How does modern ransomware work?
Ransomware steals and encrypts specific computer files so users and organizations cannot access them until a predetermined ransom is paid to the attacker. It's commonly used within larger system intrusions to generate additional income for attackers.
Email, desktop-sharing software, and web applications are the most common action vectors. Not only is this malware a critical security concern, but making critical files inaccessible is frustrating and costly for the victim organization.
In most cases, it's easier and cheaper for organizations without cybersecurity services to pay the ransom rather than track down the attacker, break file encryptions, or start files from scratch. However, most experts recommend avoiding this, as "letting the bad guys win" may only encourage (and fund) further attacks.
How has ransomware changed in 2023?
Ransomware attacks and incidents are at an all-time high, and no one knows what next year will hold. One particularly interesting finding from the DBIR is that most data breaches that don't feature ransomware exclude it because:
- Ransomware isn't possible in those instances
- The attacker just isn't interested
Going forward, the most pressing issues are ransomware attackers' evolving techniques and the overall costs to victims. In 2021, the median amount lost from ransomware data breaches was $11,500. That number has more than doubled in 2023, with ransomware breaches ranging from $26,000 up to $2.25 million.
Even if the number of ransomware attacks doesn't increase, they're becoming far more costly for business owners to pay out or fight. Fortunately, the number of ransomware incidents that featured financial loss fell from 10% to 7% over the past two years.
2. Business email compromise attacks have doubled
According to the 2023 report, business email compromise (BEC) attacks now represent over 50% of social engineering cybersecurity incidents, nearly twice the number reported in 2022.
BEC attacks are an increasingly common phishing strategy. In these scenarios, a threat actor uses routines, dialogue, and other information from previous email threads to influence their attack. They often impersonate other professionals that the victim may be in contact with by email, such as supervisors, vendors, and clients.
Most BEC attacks are categorized as social engineering, where threat actors use deception and manipulation to trick their victims. These attacks often use pretexting techniques, where a scammer uses fictitious scenarios to compromise networks and data.
How does pretexting work?
Pretexting attackers may impersonate an authority figure or someone the victim trusts. They use made-up situations to trick and manipulate victims into compromising the network or disclosing private information. Victims are usually persuaded to share sensitive data, send money, download malware, or give attackers network access. Examples include:
- Fake emails that impersonate loved ones
- Scammers pretending to be employees
- Mock virus pop-ups
Most pretexting and other cyberattacks feature the four A's: actors, actions, assets, and attributes. Pretexts, specifically, focus on actors and actions. The attacker is usually the "actor," and their "actions" range from impersonation to full-scale breaches.
Many pretexting scenarios are rather generic and, fortunately, easy to spot, such as scam emails or automated phone calls. However, many successful attackers take time to study their victims, whether they're individuals or organizations, to make their attacks more effective.
How has pretexting changed in 2023?
Pretexting has significantly increased in the past year—specifically social actions such as mail and web application attacks—and has risen by over 800% since 2017.
The amount of money stolen through pretexting and BEC attacks has steadily increased over the past few years, reaching a median of $50,000, according to the new report. Phishing and other email scams remain the predominant pretext strategies in 2023, making up 44% of social engineering incidents.
Financial gain was the most common motivation for social engineering threat actors, making up 89% of the 1,700 reported incidents in 2023. Over three-quarters of compromised data included credentials, such as passwords, Social Security Numbers, and credit card information, with nearly 1,000 confirmed data disclosures.
Another noticeable change is that pretexting strategies have become more complex and personal. Almost everyone knows what to look for with generic phishing attacks, such as flashy subjects, blanket greetings, odd requests, typos, and an overall lack of personality. More personalized attacks like BEC seem less suspicious in comparison, especially if the attacker has thoroughly laid the groundwork beforehand.
3. Humans are involved in 74% of breaches
Social engineering is one of an attacker's most successful tools. The human element was involved in 74% of cybersecurity breaches in the past year, with 83% involving external actors such as cybercriminals and state-sponsored actors. Of those, attackers' three primary strategies have been credential theft, vulnerability exploitation, and phishing.
Social engineering may be an even greater risk to remote and hybrid organizations. Forbes found that in 2021, one year after many industries shifted to remote workplaces, cyberattackers stole nearly $7 billion from organizations using social engineering techniques.
They accessed online files, Zoom meetings, and other assets that were previously secured in physical servers or storage. One particularly effective technique featured invitations to virtual company meetings. In these fake meetings, threat actors used AI-simulated audio to impersonate leadership and instruct employees to transfer money to fraudulent accounts.
This is just one of many examples of how adding a personal touch can make cybersecurity attacks significantly more effective and difficult to spot.
Moving forward from the Verizon DBIR
The most significant takeaway from Verizon's 2023 Data Breach Investigations Report is that cybersecurity incidents are becoming increasingly common, not just for the largest organizations.
With automation technology, social engineering, and ransomware strategies advancing, cybercrime has become similar to a service industry, and attackers can now launch attacks faster and more easily. Even the most prepared business owners are susceptible to data breaches.
The top way to keep your data secure is to ensure you have the best cybersecurity solutions to detect and effectively respond to attacks.
In our Choosing the Right Cybersecurity Solution eBook, we discuss how the right cybersecurity measures can help business owners reduce their risk of falling victim to the attacks mentioned above.
Though incidents and breach attempts may be unavoidable, there's a lot you can do to protect your network, data, and peace of mind. Download the eBook today to learn even more about how you can improve your cybersecurity posture.