• Home
  • Journal
  • Public Companies
  • Verizon 2023 Data Breach Investigations Report: frequency and cost of social engineering attacks skyrocket

Verizon 2023 Data Breach Investigations Report: frequency and cost of social engineering attacks skyrocket

Human error continues to play a significant role in breaches across all industries

What you need to know:

  • Cost per ransomware incident doubled over the past two years, with ransomware accounting for one out of every four breaches.
  • Pretexting (Business Email Compromise) has more than doubled since the previous year.
  • The human element is involved in 3 out of 4 breaches.
  • Analysis of the Log4j incident illustrates the scale of the incident and the effectiveness of the coordinated response.

BASKING RIDGE, N.J., June 06, 2023 (GLOBE NEWSWIRE) — Verizon Business today released the results of its 16th annual Data Breach Investigations Report (2023 DBIR), which analyzed 16,312 security incidents and 5,199 breaches. Chief among its findings is the soaring cost of ransomware – malicious software (malware) that encrypts an organization’s data and then extorts large sums of money to restore access.

The median cost per ransomware more than doubled over the past two years to $26,000, with 95% of incidents that experienced a loss costing between $1 and $2.25 million. This rise in cost coincides with a dramatic rise in frequency over the past couple of years when the number of ransomware attacks was greater than the previous five years combined. That prevalence held steady this year: Representing almost a quarter of all breaches (24%), ransomware remains one of the top cyberattack methods.

The human element still makes up the overwhelming majority of incidents, and is a factor in 74% of total breaches, even as enterprises continue to safeguard critical infrastructure and increase training on cybersecurity protocols. One of the most common ways to exploit human nature is social engineering, which refers to manipulating an organization’s sensitive information through tactics like phishing, in which a hacker convinces the user into clicking on a malicious link or attachment.

“Senior leadership represents a growing cybersecurity threat for many organizations,” said Chris Novak, Managing Director of Cybersecurity Consulting at Verizon Business. “Not only do they possess an organization’s most sensitive information, they are often among the least protected, as many organizations make security protocol exceptions for them. With the growth and increasing sophistication of social engineering, organizations must enhance the protection of their senior leadership now to avoid expensive system intrusions.”

Like ransomware, social engineering is a lucrative tactic for cybercriminals, especially given the rise of those techniques being used to impersonate enterprise employees for financial gain, an attack known as Business Email Compromise (BEC). The median amount stolen in BECs has increased over the last couple of years to $50,000 USD, based on Internet Crime Complaint Center (IC3) data, which might have contributed to pretexting nearly doubling this past year. With the growth of BEC, enterprises with distributed workforces face a challenge that takes on greater importance: creating and strictly enforcing human-centric security best practices. 

“Globally, cyber threat actors continue their relentless efforts to acquire sensitive consumer and business data. The revenue generated from that information is staggering, and it’s not lost on business leaders, as it is front and center at the board level,” said Craig Robinson, Research Vice President at IDC. “Verizon’s Data Breach Investigations Report provides deep insights into the topics that are critical to the cybersecurity industry and has become a source of truth for the business community.”

In addition to the increase in social engineering, other key findings in the 2023 DBIR include: 

  • While espionage garners substantial media attention, owing to the current geopolitical climate, only 3% of threat actors were motivated by espionage. The other 97% were motivated by financial gain. 
  • 32% of yearly Log4j vulnerability scanning occurred in the first 30 days after its release, demonstrating threat actors’ velocity when escalating from a proof of concept to mass exploitation.
  • External actors leveraged a variety of different techniques to gain entry to an organization, such as using stolen credentials (49%), phishing (12%) and exploiting vulnerabilities (5%).

One of the ways that enterprises can help safeguard their critical infrastructure is through the adoption and adherence of industry leading protocols and practices. Verizon recently became the first nationwide telecom provider to become a participant of Mutually Agreed Norms for Routing Security (MANRS): a global initiative that provides crucial fixes to reduce the most common routing threats that can be exploited by attackers. Participation in MANRS demonstrates Verizon’s commitment to implementing industry best fixes to common routing threats and best practices geared at helping to prevent cyber incidents for customers on the network.

Verizon Communications Inc. (NYSE, Nasdaq: VZ) was formed on June 30, 2000 and is one of the world’s leading providers of technology and communications services. Headquartered in New York City and with a presence around the world, Verizon generated revenues of $136.8 billion in 2022. The company offers data, video and voice services and solutions on its award-winning networks and platforms, delivering on customers’ demand for mobility, reliable network connectivity, security and control.

Media contacts:
Carlos Arcila
+1.908-202-0479
Carlos.Arcila@verizon.com

Nilesh Pritam
+65 6248-6599
Nilesh.Pritam@sg.verizon.com

Louisa Rowntree
+44 777​1388040
Louisa.Rowntree@uk.verizon.com

Disclaimer & Cookie Notice

Welcome to GOLDEA services for Professionals

Before you continue, please confirm the following:

Professional advisers only

I am a professional adviser and would like to visit the GOLDEA CAPITAL for Professionals website.

Cookie Notice

We use cookies to improve your experience on our website

Information we collect about your use of Goldea Capital website

Goldea Capital website collects personal data about visitors to its website.

When someone visits our websites, we use a third party service, Google Analytics, to collect standard internet log information (such as IP address and type of browser they’re using) and details of visitor behavior patterns. We do this to allow us to keep track of the number of visitors to the various parts of the sites and understand how our website is used. We do not make any attempt to find out the identities or nature of those visiting our websites. We won’t share your information with any other organizations for marketing, market research or commercial purposes and we don’t pass on your details to other websites.

Use of cookies
Cookies are small text files that are placed on your computer or other device by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.