Highlights of Verizon Data Breach Investigations Report 2023
Report's Lead Author Shares Top Findings, Best Practices

Pretexting incidents, a social engineering technique that manipulates victims into divulging information, have nearly doubled since last year and now represent 50% of all social engineering attacks, according to Verizon's 16th annual 2023 Data Breach Investigations Report, which analyzed more than 16,312 security incidents, including 5,199 confirmed data breaches.
Social engineering fueled a rise in basic web application attacks, breaches and incidents, which represent approximately one-fourth of Verizon's data set. Web application attacks are most prevalent in the financial services sector, and findings show that 86% of such attacks involved the use of stolen credentials to "get into an API, get into a financial institution or someone's bank account even," which is "still a relatively simple endeavor," said Alex Pinto, lead author of the report and senior manager of the Verizon Threat Research Advisory Center.
Ransomware continued to be a major cause of breaches, and its share held steady at 24% last year. Ransomware attacks may not be growing as quickly, Pinto said, but he added, "I wouldn't count them out yet."
In this video interview with Information Security Media Group, Pinto discusses:
- An overview of findings from the 2023 Data Breach Investigations Report;
- The trends behind the recent high-profile breaches resulting from application and API attacks;
- Insights from the report for security leaders and their teams.
Pinto's team at the Verizon Threat Research Advisory Center is responsible for the annual report as well as security research and thought leadership for the organization. He joined Verizon in 2018, after it acquired his machine learning-based network detection company Niddel. He has over 20 years of experience in building security solutions that focus on the application of data science to cybersecurity.