Verizon 2023 Data Breach Investigations Report

The annual Data Breach Investigations Report (DBIR) from Verizon is out for 2023! The summary of findings explains that social engineering attacks are often very effective and lucrative for cybercriminals. Also, business email compromise has almost doubled and represents more than 50% of incidents. 74% of all breaches include the human element, with people being involved either via error, privilege misuse, use of stolen credentials or social engineering. The three primary ways in which attackers access an organization are stolen credentials, phishing and exploitation of vulnerabilities.

The complete 2023 DBIR, as well as an executive summary, is available on Verizon’s DBIR resource page.

This year the DBIR team analyzed 16,312 security incidents, of which 5,199 were confirmed data breaches. On page 4, the report explains who a threat actor is and what tactics and actions are referenced throughout the report. The report distinguishes between incidents and breaches and provides the following definitions.

  • An incident is defined as a security event that compromises the integrity, confidentiality or availability of an information asset.
  • A breach is an incident that results in the confirmed disclosure (not just potential exposure) of data to an unauthorized party. A Distributed Denial of Service (DDoS) attack, for instance, is most often an incident rather than a breach, since no data is exfiltrated. That doesn’t make it any less serious.

Classification Patterns

The report breaks down incidents into 8 classification patterns.

System Intrusion – 3,966 incidents, 1,944 with confirmed data disclosure. Ransomware continues to dominate and uses a variety of tools.

  • These are complex attacks that leverage malware and/or hacking to achieve their objectives, including deploying Ransomware.

Social Engineering – 1,700 incidents, 928 with confirmed data disclosure. Phishing and Pretexting continue to dominate.

  • This attack involves the psychological compromise of a person that alters their behavior into taking an action or breaching confidentiality.

Basic Web Application Attacks – 1,404 incidents, 1,315 with confirmed data disclosure. These breaches and incidents tend to be largely driven by attacks against credentials, with the attackers then leveraging those stolen credentials to access a variety of different resources.

  • These attacks are against a Web application, and after the initial compromise, they do not have a large number of additional actions. It is the “get in, get the data and get out” pattern.

Miscellaneous Errors – 602 incidents, 512 with confirmed data disclosure

  • Incidents where unintentional actions directly compromised a security attribute of an information asset fall into this pattern. This does not include lost devices, which are grouped with theft instead.

Denial of Service (DoS) – 6,248 incidents, 4 with confirmed data disclosure. This type of threat continues to dominate and has remained in the top spot of incidents for several years.

  • These attacks are intended to compromise the availability of networks and systems. This includes both network and application layer attacks.

Lost and Stolen Assets – 2,091 incidents, 159 with confirmed data disclosure.

  • Incidents where an information asset went missing, whether through misplacement or malice, are grouped into this pattern.

Privilege Misuse – 406 incidents, 288 with confirmed data disclosure. Employees continue to use their access to commit breaches.

  • These incidents are predominantly driven by unapproved or malicious use of legitimate privileges.

Everything Else – Covers all incidents that don’t fit the other patterns.

Industry Highlights

Educational Services – 497 incidents, 238 with confirmed data disclosure.

  • Top patterns: System Intrusion, Miscellaneous Errors and Social Engineering represent 76% of breaches
  • Threat actors: External (72%), Internal (29%), Multiple (1%), Partner (1%) (breaches)
  • What is the same? System Intrusion and Miscellaneous Errors are yet again two of the top three patterns for this industry. The ratio of External and Internal actors is nearly the same as last year.

Healthcare – 525 incidents, 436 with confirmed data disclosure. This sector is highly targeted by ransomware attacks.

  • Top patterns: System Intrusion, Basic Web Application Attacks and Miscellaneous Errors represent 68% of breaches
  • Threat actors: External (66%), Internal (35%), Multiple (2%) (breaches)
  • What is the same? The top three patterns remain the same, although the order has changed. Internal actors making mistakes continue to trouble this sector.

Public Administration – 3,273 incidents, 584 with confirmed data disclosure.

  • Top patterns: System Intrusion, Lost and Stolen Assets, and Social Engineering represent 76% of breaches.
  • Threat actors: External (85%), Internal (30%), Multiple (16%) (breaches)
  • What is the same? This sector continues to be targeted by Financially motivated external threat actors as well as spying Nation-states that are interested in what their rivals are doing. Personal data remains the most often stolen data type.

Attribution: Verizon 2023 Data Breach Investigations Report. As stated in the report, it is permitted to include statistics, figures and other information from the report. Exact quotes are permitted. (Page 6)

Download the full report: verizon.com/dbir
