Estimated reading time: 1 minute, 29 seconds

Verizon Flags Social Engineering, Ransomware in 2023 Report  

Social engineering attacks continue to rise, while ransomware is still a major threat to organizations. Those are a couple of takeaways from Verizon’s newly released 2023 Data Breach Investigations Report.

VerizonVerizon’s 16th annual study breaks down 16,132 security incidents that took place between November 1, 2021, and October 31, 2022, of which 5,199 were confirmed data breaches.

The report highlights an increase in social engineering attacks, which now account for 10% of incidents and 17% of breaches. Such attacks “are often very effective and extremely lucrative for cybercriminals,” according to Verizon.

Verizon says the upward trend in social engineering is largely due to pretexting attacks, which involve manipulating the victim into revealing sensitive information, doubling since last year. That includes business email compromise (BEC) attacks, which is where threat actors impersonate enterprise employees for financial gain. Losses to BEC attacks rose to a median of $50,000 in 2022, up from slightly more than $30,000 in 2018.

Chris Novak, managing director of cybersecurity consulting at Verizon Business and manager of the DBIR, told TechTarget that social engineering attacks are in favor with hackers now because, as organizations upgrade their products and services, people are “the squishy, soft spots of the organization.”

Ransomware attacks have held steady. Such attacks accounted for 24% of incidents, a slight increase from last year, and 15.5% of breaches, a modest decline, according to Verizon. While only 7% of ransomware attacks involved financial losses, the median losses have more than doubled since last year to $26,000.

David Hylender, DBIR co-author and senior manager for Threat Intelligence at Verizon said in a webinar that ransomware is “ubiquitous,” as SDxCentral reports. “It’s in large organizations, small to medium businesses, very small organizations, it doesn’t matter geographically, it doesn’t really matter industry vertical wise, ransomware is a huge threat just across the board for any organization,” Highlander said.


Read 1935 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.