The recently released Verizon Data Breach Investigations Report (DBIR) has shed light on the primary ways attackers gain unauthorized access to organizations. The report reveals that 83% of breaches involved external factors, mostly driven by financial motives, while 74% of breaches involved the human element, including social engineering attacks, errors or misuse. The statistics presented in the report are derived from real-world breaches and incidents investigated by the Verizon Threat Research Advisory Center (VTRAC).
Verizon's analysis encompassed 16,312 security incidents, out of which 5,199 were confirmed breaches. By examining incident patterns over time, the report shows that Denial of Service (DoS) attacks continue to be prevalent, with a notable increase in system intrusion incidents, often involving multistep attack techniques.
Social engineering attacks were found to be particularly effective and lucrative for cybercriminals, with Business Email Compromise (BEC) attacks, essentially pretexting attacks, accounting for over 50% of incidents falling under the Social Engineering category.
Regarding the specific methods employed by attackers, the report highlights three primary avenues of access: stolen credentials, phishing and exploitation of vulnerabilities.
Taking a macro-regional perspective, the report reveals that in Northern America (NA), Verizon investigated 9,036 incidents, of which 1,924 confirmed data disclosure. The prominent incident patterns observed in this region included system intrusion, basic web application attacks and social engineering attacks. Notably, 94% of the threat actors were external, 12% were internal, 9% involved multiple actors, and 2% were attributed to partner actors. The compromised data in this region primarily consisted of credentials (67%), internal information (50%) and personal data (38%).
In the Latin America and the Caribbean (LAC) region, a smaller number of incidents (535) were examined, and only 65 were confirmed as data disclosure cases. System compromises accounted for the majority of compromised data at 55%, followed by internal information (32%), classified data (23%) and credentials (23%).
In terms of industry analysis, Verizon extensively studied incidents within the public administration sector, comprising the largest number of incidents (3,237), with 584 confirmed data disclosures. This sector consistently ranks high in breaches motivated by espionage and exhibits a significant number of incidents involving multiple actors.