It’s time for businesses to start people-proofing their systems. According to Verizon’s 16th Annual Data Breach Investigations Report released today, 74 percent of all breaches include the human element through error, privilege misuse, social engineering, or use of stolen credentials.
Whether it was falling for a phishing email, errors, or misusing their access to computer systems, nearly three quarters of breaches last year involved humans doing something wrong, according to Verizon.
For the 2023 report, Verizon looked at 16,312 security incidents – of which 5,199 were confirmed breaches – between Nov. 1, 2021, and Oct. 31, 2022.
Verizon found that most threats came from outside the organization – 83 percent – but insiders can be dangerous too, with 19 percent of data breaches involving internal forces.
One of the associated factors is business email compromise attacks – which is a kind of scam where the criminals try to trick someone into transferring money to them, often by posing as someone else.
These are one of the costliest scams, Verizon said. According to the report, the median loss in recent years from business email compromise is $50,000.
While phishing is still a very popular attack method, pretexting – when someone uses a fake story to trick a victim into doing something – is more popular, the report states.
Pretexting now accounts for 50 percent of social engineering attacks that rely on manipulating a victim – nearly double last year’s total. The report cites that phishing still accounts for 44 percent.
Verizon also found that ransomware incidents held steady at 24 percent of breaches. However, ransomware was everywhere: 91 percent of industries cited ransomware as one of the top issues they dealt with over the 12-month period.
It should come as no surprise that cyberattacks are almost always about the money.
Ninety-five percent of data breaches are financially driven, and, over the last two years, Verizon’s annual report found the median cost of ransomware has doubled from $13,000 to $26,000.
The Verizon report also found that the public administration, information, and financial and insurance sectors were the highest hit victim organizations when it came to cyberattacks – each clocking thousands of incidents in one year.
Small businesses were also hit more frequently from cyberattacks compared to large businesses, and North America took the top spot in cybercrime incidents globally – with Verizon finding 9,036 incidents on the continent, 1,924 of which had confirmed data disclosure.