The cybersecurity industry still has work to do to protect against advanced attack strategies that prey on human nature. According to Verizon’s 2023 Data Breach Investigations Report (DBIR), attackers are exploiting stolen credentials, privilege misuse, human error, social engineering, business email compromise (BEC), and pretexting. Despite increased cybersecurity spending, breaches are becoming more sophisticated, making it crucial for organizations to adopt a unified, integrated approach to cybersecurity that goes beyond IT departments to promote vigilance, resilience, and constant adaptation.
The report shows that attackers are increasingly targeting industries with the most to lose from business interruptions, such as finance and manufacturing. Ransomware incidents have become more costly, which makes backup and incident response strategies more necessary to minimize damage. The DBIR also warns about Log4j vulnerabilities, with exploitation peaking just 17 days after discovery, which highlights the urgent need for prompt patching and system updates.
The report also reveals that humans remain the initial attack vector of choice, with social engineering and BEC strategies accounting for 84% of breaches targeting humans. Insider threats pose a particular challenge for enterprises, accounting for 19% of breaches. Even though compromised personal data is still the leading cause of breaches, the DBIR shows that attackers are increasingly focused on financial gain.
The DBIR provides a timely reminder of the need for cybersecurity transformation. Organizations must move beyond training to provide a strong defense baseline and prevent breaches. Cybersecurity providers must step up to deliver the value their customers need by improving identity, privileged access, and endpoint security. The DBIR advises organizations to assume a breach will happen and take the necessary preventative measures before one does. Embarking on an iterative approach that scales zero trust incrementally, protecting one surface at a time, could be the answer to this challenge.
To conclude, the Verizon 2023 DBIR highlights the need for a more comprehensive cybersecurity strategy that considers human factors and the fast-evolving threatscape. Clearly, cybersecurity is not pivoting fast enough to people-proof attack vectors. Enterprises must create a cybersecurity culture that promotes constant adaptation to evolving threats and resilience in the face of inevitable breaches.