Watch: What the 2023 Verizon Data Breach Investigations Report Means for Your Manufacturing Business

Date June 28, 2023
Highlights of the July 19, 2023, HBK Risk Advisory Services webinar hosted by William J. Heaven, CPA/CITP, CISA, CSCP, Senior Director, HBK Risk Advisory Services.

Watch On-Demand.

The Verizon Data Breach Investigations Report (DBIR) is based on data reported to Verizon by global expert cybersecurity firms. The primary purpose of the DBIR is to inform organizations about the cybersecurity threats they face and how to protect against them. The DBIR is considered a “go-to resource” by many in the cybersecurity field. It is a global snapshot of what’s going on in terms of cybersecurity incidents and breaches in various industries.

Background

The 2023 Report is the 16th annual edition; it was released in June.

  • Highlights about 20 vertical industries
  • 67 contributing organizations
  • 16,312 incidents: 1,800 targeted at the manufacturing industry (11%)
  • 5,212 confirmed data breaches: 262 in the manufacturing industry (5%)
  • Categorized by the VERIS system: Vocabulary for Event Recording and Incident Sharing.
      • Started tracking in 2010
      • Tracks eight patterns in a wide range of industries: denial of service, lost and stolen assets, miscellaneous errors, privilege misuse, social engineering, system intrusion, web applications, and everything else. Some attacks can be identified by more than one category.
      • Phishing is the number one attack relative to lost and stolen assets and is becoming more prevalent.

    Definitions:

  • Incident definition: a security event that compromises the integrity, confidentiality, or availability of an information asset
  • Breach definition: an incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party
  • Reasons these definitions exist include cybersecurity insurance applications.
  • For selected industries—financial, healthcare, manufacturing, information, and professional—the top three threats are social engineering, system intrusion, and web applications.

    Why pay attention to DBIR?

  • The more you know about the cyber threats you face, and what other companies in your industry are facing, the better your chances of keeping your data secure.
  • Helps you learn where to focus your attention.
  • The report is interesting as well as valuable.
  • Find the report via Google search or at Verizon.com/DBIR.
      • Full version is about 88 pages, with an executive summary of less than 20 pages in length.
      • You can also get insider reports on particular industries.

Takeaways from the 2023 Report

    Ways attackers get to your information:

  • Credentials
  • Phishing
  • Exploiting vulnerabilities
  • Advice: Educate employees about phishing, and scan for and patch your vulnerabilities: 74% of all breaches include the human element (errors, privilege misuse, or social engineering).

    Ransomware is still a big problem:

  • Increased by 13 percent in the 2022 Report: more than in the previous five years combined.
  • Remains at the same level in the 2023 Report.
  • One in four cyber attacks involves ransomware.
  • Average cost to a company for a ransomware attack in 2022 was $4 million-plus.

    Social engineering: incidence of pretexting rose

  • Half of all social engineering incidents used pretexting.
  • Business email compromises are common.

    Errors continue as a trend:

  • Misdelivery (wrong recipient; 43% of breach errors)
  • Misconfiguration (21% of breach errors)
  • Publishing (showing to the wrong audience; 23% of breach errors)

    Small and medium-size businesses

  • There used to be a large disconnect between occurrences in large versus smaller companies, but they are now moving closer together.
  • Patterns are virtually the same.
  • Large businesses tend to discover breaches sooner; they have more resources to identify that they’re being breached.