Verizon Report Shows Vulnerabilities, Human Errors as Primary Challenges

Most breaches involve a non-malicious human element, such as falling prey to a social engineering attack.


Verizon Business recently unveiled its 17th annual Data Breach Investigations Report (DBIR), which analyzed a record-high 30,458 security incidents and 10,626 confirmed breaches in 2023—a two-fold increase over 2022.

Key findings from the report include:

  • The exploitation of vulnerabilities as an initial point of entry almost tripled from last year, accounting for 14 percent of all breaches. This spike was driven primarily by the increasing frequency of attacks targeting vulnerabilities on unpatched systems and devices (zero-day vulnerabilities) by ransomware actors. The MOVEit software breach was one of the largest drivers of these cyberattacks.
  • Analysis of the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog revealed that on average it takes organizations 55 days to remediate 50 percent of critical vulnerabilities following the availability of patches. Meanwhile, the median time for detecting mass exploitation of CISA KEV entries on the internet is five days.
  • Breaches involving a third party, including data custodians, third-party software vulnerabilities, and other direct or indirect supply chain issues rose by 68 percent from last year.
  • More specific to manufacturing, system intrusion continues to be the most common type of breach within the industrial sector, driven by a combination of hacking with stolen credentials (15 percent) to gain access to the environment, followed by the widespread deployment of ransomware (85 percent).
  • Nearly half (48 percent) of error-related breaches in manufacturing are due to mis-delivery (delivering information to the wrong recipient).
  • The exploitation of vulnerabilities as a first step has almost tripled, seeing a 180 percent year-over-year increase.
  • Most breaches (68 percent), whether they include a third party or not, involve a non-malicious human element, i.e., a person making an error or falling prey to a social engineering attack. This percentage is about the same as last year.
  • On the positive side of things, reporting practices have improved, with 20 percent of users identifying and reporting phishing in simulation engagements, and 11 percent of users who clicked the email also reported it.
  • 32 percent of all breaches involved some type of extortion technique, including ransomware.
  • Over the past 10 years, the use of stolen credentials has appeared in almost one-third (31 percent) of all breaches.
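The KEV remediation figure in the second bullet (days until 50 percent of catalog entries are patched, plus which entries are past their due date) is a metric a defender can reproduce against their own patch records. The script below is an added example, not code from the report or from Verizon. It parses a constructed excerpt in the shape of the CISA KEV JSON feed (the field names `cveID`, `dateAdded` and `dueDate` are assumed from the published feed; the CVE IDs are placeholders, and `PATCH_LOG` is an invented remediation log), then computes the half-remediation time, the remediated fraction, and the overdue entries as of a given day.

```python
import json
import math
from datetime import date

# Constructed excerpt in the shape of the CISA KEV JSON feed. Field names are
# assumed from the published catalog; the CVE IDs are placeholders, not real entries.
KEV_JSON = """
{
  "vulnerabilities": [
    {"cveID": "CVE-0000-0001", "dateAdded": "2023-06-01", "dueDate": "2023-06-22"},
    {"cveID": "CVE-0000-0002", "dateAdded": "2023-06-01", "dueDate": "2023-06-22"},
    {"cveID": "CVE-0000-0003", "dateAdded": "2023-06-05", "dueDate": "2023-06-26"},
    {"cveID": "CVE-0000-0004", "dateAdded": "2023-06-10", "dueDate": "2023-07-01"},
    {"cveID": "CVE-0000-0005", "dateAdded": "2023-06-15", "dueDate": "2023-07-06"},
    {"cveID": "CVE-0000-0006", "dateAdded": "2023-06-20", "dueDate": "2023-07-11"}
  ]
}
"""

# Constructed remediation log: CVE ID -> day the fix was fully deployed.
# Entries absent from the log are still open.
PATCH_LOG = {
    "CVE-0000-0001": date(2023, 6, 11),
    "CVE-0000-0002": date(2023, 7, 31),
    "CVE-0000-0003": date(2023, 6, 25),
    "CVE-0000-0005": date(2023, 8, 9),
}


def parse_kev(text):
    """Return a list of (cveID, dateAdded, dueDate) tuples from KEV-shaped JSON."""
    entries = []
    for v in json.loads(text)["vulnerabilities"]:
        entries.append((v["cveID"],
                        date.fromisoformat(v["dateAdded"]),
                        date.fromisoformat(v["dueDate"])))
    return entries


def _fixed_by(cve, patch_log, as_of):
    """True if the entry was remediated on or before as_of."""
    return cve in patch_log and patch_log[cve] <= as_of


def days_to_half_remediated(kev, patch_log, as_of_iso):
    """Days after catalog addition by which half of the entries were fixed
    (the DBIR-style '50 percent remediated' metric), or None if fewer than
    half had been fixed by as_of_iso."""
    as_of = date.fromisoformat(as_of_iso)
    ages = sorted((patch_log[cve] - added).days
                  for cve, added, _ in kev if _fixed_by(cve, patch_log, as_of))
    needed = math.ceil(len(kev) / 2)
    if len(ages) < needed:
        return None
    return ages[needed - 1]


def remediated_fraction(kev, patch_log, as_of_iso):
    """Share of catalog entries fixed on or before as_of_iso."""
    as_of = date.fromisoformat(as_of_iso)
    fixed = sum(1 for cve, _, _ in kev if _fixed_by(cve, patch_log, as_of))
    return fixed / len(kev)


def overdue(kev, patch_log, as_of_iso):
    """CVE IDs that were still open after their KEV due date on as_of_iso.
    An entry patched late counts as overdue on days between its due date
    and its patch date."""
    as_of = date.fromisoformat(as_of_iso)
    return sorted(cve for cve, _, due in kev
                  if as_of > due and not _fixed_by(cve, patch_log, as_of))


if __name__ == "__main__":
    kev = parse_kev(KEV_JSON)
    for day in ("2023-07-05", "2023-08-15", "2023-12-31"):
        print(day,
              "half remediated after:", days_to_half_remediated(kev, PATCH_LOG, day),
              "fraction:", round(remediated_fraction(kev, PATCH_LOG, day), 2),
              "overdue:", overdue(kev, PATCH_LOG, day))
```

Pointing `parse_kev` at the real feed and `PATCH_LOG` at your vulnerability-management export gives the same three numbers for your own estate; tracking the half-remediation figure over time is the direct analogue of the report's 55-day average.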

