
Unveiling the Key Insights from the 2023 Data Breach Investigations Report (DBIR)


By Ozan UCAR, CEO of Keepnet Labs


Introduction

I recently had the opportunity to delve into the highly anticipated 2023 Data Breach Investigations Report (DBIR) published by Verizon. The 2023 Data Breach Investigations Report (DBIR) highlights several key cybersecurity risks, with significant impacts on financial loss, operational disruptions, and reputational damage.

Business Email Compromise (BEC) attacks have led to substantial financial losses, with the FBI reporting that in 2022, the Internet Crime Complaint Center (IC3) received 800,944 complaints, resulting in potential total losses growing from $6.9 billion in 2021 to more than $10.2 billion in 2022.

Ransomware attacks have caused significant operational disruptions; for instance, the British Library cyberattack in October 2023 led to the main catalogue being offline for months, with partial restoration only in January 2024, and some services expected to remain unavailable for months, costing the library an estimated £6–7 million to recover.

In October 2023, the British Library suffered a ransomware attack by the hacker group Rhysida, leading to the public release of approximately 600GB of leaked material online after the library refused to pay the ransom, which has been described as "one of the worst cyber incidents in British history," significantly tarnishing the institution's reputation.

These examples underscore the critical need for organizations to strengthen their cybersecurity measures to mitigate financial losses, operational disruptions, and reputational harm.

Understanding the Threat Actors:

The DBIR presents a fascinating analysis of the ongoing battle between external and internal threat actors. External actors continue to be the primary instigators of breaches, with criminal groups, lone hackers, and organized crime taking the lead. However, the report emphasizes the significant impact of internal actors, who account for a notable portion of incidents. This finding underscores the importance of adopting a comprehensive security approach that addresses external and internal threats. So, in my opinion, the best way will be for organizations to implement measures to detect and mitigate potential risks from malicious insiders while strengthening their defenses against external threat actors.


Shining a Light on Actions and Attack Vectors:

One of the standout findings from the DBIR is the prominence of ransomware in the cybersecurity landscape. Ransomware has continued to dominate the scene, making its presence felt in a staggering number of incidents. However, the report also highlights the prevalent use of stolen credentials as a primary action in breaches. This underscores the critical importance of robust authentication practices and access control management. Organizations must prioritize the implementation of multi-factor authentication (MFA) and employ effective access control mechanisms to mitigate the risks associated with stolen credentials. Additionally, basic web application attacks, which exploit vulnerabilities and leverage stolen credentials, remain a persistent threat. The DBIR emphasizes the need for organizations to prioritize patch management and regularly update their systems to protect against these attacks.


Protecting Confidentiality, Integrity, and Availability:

The DBIR emphasizes maintaining the confidentiality, integrity, and availability (CIA) of data assets. Breaches involving personal data, particularly personally identifiable information (PII), remain a significant concern. Organizations must adopt stringent measures such as data encryption, access control management, and security awareness training to protect sensitive information effectively. By implementing robust data protection mechanisms and fostering a strong security culture, organizations can safeguard their assets and maintain the trust of their stakeholders.

Incident Classification Patterns:

The DBIR introduces incident classification patterns, providing security researchers with valuable insights into the methods employed by threat actors. From denial of service (DoS) attacks to social engineering and system intrusion, these patterns offer a comprehensive view of evolving attack vectors. The report highlights the rise of social engineering incidents, particularly those involving pretexting. This underlines the need for organizations to adopt a collaborative approach to security, moving beyond traditional phishing exercises. In my opinion, the best way is to implement comprehensive security awareness programs, through which organizations can educate their employees about the evolving tactics employed by threat actors and enhance their resilience against social engineering attacks.


Industry-Specific Insights:

The DBIR provides valuable industry-specific insights, highlighting different sectors' unique challenges. From healthcare to manufacturing, each industry possesses its own vulnerabilities and patterns. For instance, the healthcare sector grapples with ransomware attacks that compromise critical systems and disrupt operations. On the other hand, the manufacturing industry faces cyber threats that exploit vulnerabilities in technology. The financial and insurance sectors experience a high incidence of fundamental web application attacks, underscoring the need for organizations to prioritize protection against credential exploitation. These industry-specific insights empower security researchers to tailor their approaches, develop targeted solutions, and address sector-specific risks effectively.


In the healthcare sector, ransomware attacks continue to plague organizations, posing a significant threat to patient safety and data privacy. The DBIR highlights the need for healthcare institutions to fortify their cybersecurity defenses, implement robust backup and recovery measures, and conduct regular vulnerability assessments to identify and address potential weaknesses. Additionally, educating healthcare staff about the risks of social engineering and phishing attacks can reduce the likelihood of successful breaches.

The manufacturing industry, driven by innovation and technological advancements, faces unique cybersecurity challenges. The DBIR identifies vulnerabilities in technology infrastructure as a primary concern. Manufacturing organizations must prioritize regular patch management, secure configuration practices, and network segmentation to mitigate the risks of system intrusion and data breaches. Implementing strong access controls and monitoring privileged accounts can further enhance the security posture of manufacturing facilities.

Due to their highly regulated nature and the value of the data they handle, the financial and insurance sectors experience a high incidence of fundamental web application attacks. These attacks often exploit vulnerabilities in web applications to gain unauthorized access to sensitive information. The DBIR underscores the importance of implementing secure coding practices, regular security assessments, and robust incident response plans within this sector. Additionally, organizations must prioritize the protection of customer credentials through the implementation of multi-factor authentication (MFA) and the continuous monitoring of access privileges.

The DBIR emphasizes the significance of collaboration and information sharing

By exchanging insights, threat intelligence, and best practices, researchers can collectively enhance their understanding of emerging threats and devise more effective countermeasures. Collaboration between industry experts, academia, and government bodies can foster innovation and accelerate the development of cutting-edge cybersecurity solutions.

Conclusion

The 2023 DBIR is a valuable resource for security researchers, professionals, and organizations, providing a comprehensive analysis of the cybersecurity landscape. By understanding the dynamics of threat actors, actions, attributes, incident patterns, and industry-specific risks, researchers can develop targeted strategies to mitigate cyber threats effectively. Organizations must utilize the insights from the DBIR to inform their cybersecurity practices, proactively detect and respond to security incidents, and continuously evolve their defenses. Together, we can build a more secure digital landscape and protect critical assets' integrity, confidentiality, and availability in the face of evolving cyber threats.


Editor's Note: This blog was updated on November 22, 2024.
