What You Need to Know From the 2023 Verizon Data Breach Report
The Verizon Data Breach Investigations Report (DBIR) 2023 is out, and it once again reveals critical insights into the state of cybersecurity.
In the words of Tami Erwin, CEO of Verizon Business, "The pandemic has forever changed the way we work, and bad actors have taken advantage of that by exploiting new vulnerabilities. Organizations need to be vigilant, resilient, and proactive in their approach to cybersecurity to stay ahead of these threats."
Major takeaways from the 2023 Verizon DBIR report:
- External attackers are a significant threat. According to the report, 83% of breaches involved external actors, and 95% of the breaches are financially motivated.
- Organized crime has become the “hardest working” bad actor in financially-driven breaches.
- Credential theft is becoming more common. 40% of all breaches involve the theft of user credentials, up from 33% in 2021.
- Phishing attacks are also still a major concern: 36% of the researched data breaches involved a phishing attack, and 85% of the attacks took place within the first 24 hours of receiving the phishing email.
- Ransomware continues its rise to popularity. Ransomware attacks increased by 6% compared to last year's report, with the manufacturing, public sector, and healthcare industries being the most targeted.
- The financial impact of data breaches is increasing. The average cost of a data breach is now $4.24 million, up from $3.86 million in 2021.
A firmly established and increasingly prevalent factor in the realm of cybersecurity threats is social engineering. This term encompasses the human aspects involved in security compromises. All too frequently, the tactics of social engineering serve to conceal the mechanisms of credential compromise or Multi-Factor Authentication (MFA) bypass. When we look at these elements in conjunction, it becomes startlingly clear that over 80% of attacks involve a preventable initial access compromise, one that is typically anchored on weak and easily phishable credentials.
In the DBIR report, Jen Easterly highlights that while some adversaries use advanced tools and techniques, most exploit unpatched vulnerabilities, poor cyber hygiene, or an organization's failure to implement critical technologies like MFA. This issue is so prevalent that many organizations only recognize the value of MFA after experiencing a breach.
It's clear that cybersecurity needs to be a top priority for all organizations, and the insights from the DBIR 2023 report should serve as a wake-up call for those who still need to prioritize this critical aspect of their business.
Zero Trust Authentication is your answer
Credential theft becomes a non-issue if you eliminate passwords and use phishing-resistant MFA. Factors like biometrics and cryptographic keys are bound to the user’s device in Zero Trust Authentication, making them highly phishing-resistant.
Device trust in Zero Trust Authentication is achieved by validating user devices. Traditional authentication measures fall short in the ability to validate devices reliably. Device trust requires that requesting devices are bound to a user and that both are authorized to access information assets.
You also need to verify device security posture rather than implicitly trusting that a device aligns with your organization’s security policies and is not infected.
With Zero Trust Authentication, you monitor multiple risk signals and make full use of your existing security ecosystem. Zero Trust Authentication collects and analyzes risk signals, using data from endpoints and security and IT management tools. The key is a policy engine that makes risk-based decisions, assesses risk continuously. Evaluating risk continuously gives you the opportunity to take immediate action if a threat is detected.
As the leading provider of Zero Trust Authentication solutions, Beyond Identity can help you protect your organization against the threats listed in Verizon’s 2023 DBIR Report. To find out more, book a demo today.
Want to learn more? Check out Zero Trust Authentication: Securing User and Device Access for a Distributed, Multi-Cloud World. This book is the ultimate resource for implementing the passwordless, phishing-resistant authentication you need.