The majority of data breaches in the past year were caused by human error, including falling for social engineering attacks, making errors, and even employees maliciously using their access, according to Verizon’s 2023 Data Breach Investigations Report. The report, which analyzed over 16,312 security incidents, found that 74% of breaches involved human failure. Social engineering attacks have nearly doubled since last year, accounting for 17% of all breaches. These findings underline the importance of organizations focusing on improving the cybersecurity hygiene of their employees, implementing multifactor authentication, and collaborating with other organizations on threat intelligence.
The median cost of a ransomware attack has doubled since last year, reaching into the million-dollar range. Ransomware events made up one-quarter of all breaches, accounting for about 59% of incidents overall. The report also revealed that all industries were at risk of data breaches, with the finance and insurance, manufacturing, and information sectors targeted the most.
The report outlined that financially motivated external threat actors were the cause of 83% of breaches, with insider threats only accounting for 19% of incidents. The report also noted that external actors mainly used stolen credentials, phishing, and exploiting vulnerabilities as methods of breaching organizations. Furthermore, socially engineered incidents were primarily driven by financial motivations, with 50% of all social engineering attacks being related to pretexting, which is commonly used in business email compromise attacks.
The report suggests that to prevent ransomware and stem the tide of breaches, organizations should encourage basic security hygiene among employees, implement multifactor authentication, and develop a range of cybersecurity partnerships. Moving away from simple two-factor authentication using one-time passwords and adopting strong authentication like FIDO2 is essential in achieving this goal.
In conclusion, organizations need to focus more on cybersecurity basics and employee education to mitigate the prevalence of human error contributing to data breaches. Implementing multifactor authentication and collaborating with institutions across organizations on threat intelligence is also essential in strengthening cybersecurity defenses.