With the release of Verizon’s 2023 Data Breach Investigations Report (DBIR) in recent months, there’s a lot of new information out there about how the industry has shifted over the last year as organizations have adjusted to the ever-changing threat landscape. Focusing extensively on data breaches and security incidents, Verizon’s DBIR goes into detail about the actors, methods, outcomes, and overall trends associated with data breaches over the past few years. Here are our key findings from the report.
Threat actors and their motivations
Verizon has shown that Organized Crime continues to be the dominant threat actor in play, accounting for over 70% of the almost 2,500 breaches identified by the report. Considering that the main threat actor motivation is financial, at well over 95% of all breaches, this makes sense, given that the entire drive behind cybercrime rings is unadulterated greed. One interesting finding in this year’s DBIR, however, is that end-users cause a significantly greater number of data breaches than nation-state actors. APTs undoubtedly have significantly more advanced exploitative capacity and resources, but the numbers say that odds are good that an internal user poses a greater threat than a state-sponsored actor.
Most targeted industries
The report contains tons of information relating to the prevalence of incidents and breaches within various industries, but we need to be careful not to misread these numbers as an indicator of any specific sector’s ability to defend itself. The results need to be taken with a grain of salt, because all that we can meaningfully glean from them is the amount of hostile attention directed at a specific industry, not an inference about its cybersecurity performance.
With that being said, what is most interesting here is the big picture. According to the report, the industries with the greatest number of security incidents, across organizations of all sizes, are the public (20%), IT (13%), and financial (11%) sectors. It’s worth noting that a significant number of the incidents counted here are attributed to “unknown” industries (17%). For breaches the numbers aren’t too far off, as the industries with the highest number of breaches are the public sector (11%), the financial sector (9%), and healthcare (8%). These numbers make a lot of sense when you consider the ongoing push throughout the government for higher levels of cyber resiliency, the financial motivations of cyber criminals, and the ongoing threat of software supply chain attacks threatening all downstream users of software providers.
Incident and breach classification patterns
Another useful indicator tracked in the DBIR is the set of actions undertaken in identified breaches and incidents, which gives us a clearer idea of what the leading attack methods are for the year. Verizon found that almost 40% of security incidents were denial of service attacks, 25% were system intrusion attempts, 15% utilized lost or stolen assets, a little over 12% were social engineering attacks, and 10% were basic web application attacks, with the remainder being composed of miscellaneous errors and other uncategorized attacks. For breaches, the DBIR attributes almost 40% to System Intrusion attacks (think ransomware, exploited vulnerabilities, or utilizing stolen credentials to gain system access), 25% to basic web application attacks, 20% to social engineering, about 10% to miscellaneous errors, and 8% to privilege misuse.
The report goes into great detail for each category, including primary threat actors, motives, and data types compromised. While we can’t go into as much detail here as we’d like, we promise it’s worth the read.
Most sought after data varieties
The DBIR tracks Attribute categories according to the CIA Triad: Confidentiality, Integrity, and Availability. One of the most interesting findings in this report is its breakdown of the Confidentiality data composition of breaches, which tells us what kinds of data are getting out the door during exfiltration. According to Verizon, a little over 55% of data breaches expose personal data, 50% include user credentials, 35% include internal corporate data, about 15% include system data, and 5% contain medical information. This composition tells us that PII, user credentials, and internal company data are by far the most frequently exposed forms of information in data breaches.
There is far more in the report than what we have covered here, but these are what we feel are the biggest takeaways. Some of these findings are surprising, but they aren’t earth-shattering revelations either. Overall, Verizon’s DBIR has a lot of thought-provoking material that tells us a lot about the overall state of the industry, and you can find the full report here.