Verizon Data Breach Report 2023: Recent insights and recommendations for IT security

30. August, 2023

The Verizon Data Breach Report 2023 provides valuable insights into the current threat landscape and its constant changes. [1] More than 16,000 security incidents of international companies were analysed and evaluated by the DBIR team. The focus is on the following four criteria:

actor (who?),
action (how?),
asset (where?),
attribute (what?).

Updated approach and structure of the report

The current report aligns the results with the MITRE ATTACK framework to classify and understand the attackers’ modus operandi. [2] In addition, concrete recommendations and assignments were formulated for the 18 safety recommendations of CIS Controls. [3] This should make it easier for IT security officers to determine whether or what action is required.

Key findings of the Verizon Data Breach Report 2023

The human factor is still crucial when it comes to maintaining IT security. Developments in the field of artificial intelligence (AI) in particular highlight the need to react to new trends in good time.

About three quarters of all security-related incidents are due to human intervention. These include operating errors, misuse of privileges, stolen credentials and social engineering.
About four fifths of the security breaches were committed by external actors. The main reasons for attacks are financial in 95% of cases.
The three main ways attackers access an organisation are through stolen credentials, phishing and exploiting vulnerabilities.

Social engineering attacks are often combined with “pre-texting” and are thus becoming more sophisticated. There has been an increase of almost 50 % in this category. Here, attackers use a real email communication and the context it contains to ask recipients to perform a relatively routine task, such as updating a supplier’s bank account.

Ransomware attacks account for one in four negative security incidents. However, there are differences when looking at specific industries. In the retail sector, the average is around 40%.

The importance of user IDs and MFA

In the EMEA region, almost 97% of all security incidents involve intrusion into third-party systems through social engineering and access via web applications. More than 50 % of these criminal accesses occur after valid user IDs have been stolen or misused.

This suggests that it is not only important for users to set up robust multi-point authentication (MFA), but also to be able to use it correctly. Regular training of staff is therefore essential!

CIS Controls as a guide to countermeasures and strategies

The Verizon Data Breach Report shows different ways of looking at and approaching data breaches to deduce the effects on one’s own company. The breakdowns by industry, approach, motivation, and company size are interesting. One commonality exists across all categories: Many of the attacks were successful because those responsible did not know enough about the existing systems, software, and resources.

Knowing your environment is the foundation of any cybersecurity programme. The 18 updated points of the CIS Controls (critical security controls) describe how to plan for implementation in stages and what costs can be expected. [4] The first three points deal with the inventory, the systems used and data protection. After all, you can’t protect something you don’t know about.

The constant evolution of IT systems and attack scenarios makes it necessary to keep up to date with the latest developments in IT security and to implement proven security measures on a regular basis. The Verizon Data Breach Report 2023 illustrates once again that the security of our systems and data is of vital importance. The findings presented can serve as a guide to an effective security strategy.