Cybersecurity is a key concern for companies as well as countries and a recent Verizon Data Breach Investigations Report (DBIR) released last month analyses 5,199 confirmed data breaches and 16,312 security incidents which offer insights on how to keep the data safe.
The report describes an incident as a “security event that compromises the integrity, confidentiality or availability of an information asset” and a breach as “an incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party.”
The incidents that the Verizon Data Breach Investigations Report analyses took place between November 1, 2021, and October 31, 2022.
Roadmap For Cybersecurity pic.twitter.com/8OSp2SdyBJ
— Security Trybe (@SecurityTrybe) July 12, 2023
The report reveals that 83% of the breaches involved outside parties, while internal individuals accounted for 19% of the cybersecurity issues. It also states, “Internal individuals are not only responsible for deliberate harm in these instances, but they are also just as likely to cause accidental actions.”
Financial motives were behind 94.6% of the incidents while espionage came a distant second.
Another key point of the report is the link between cybersecurity and virtual currencies. The report states, “This year, we noticed a fourfold rise in breaches related to cryptocurrency compared to last year. This is a significant change from the earlier days of 2020 and before, when we typically saw only one or two cases a year.”
Interestingly, the report did not find any major change in state-sponsored cyberattacks which might sound counterintuitive given the ongoing war in Ukraine.
Notably, according to Statista, between June 2021 and June 2022, over half of cyber-attacks by Russian state and state-affiliated groups targeted the US while the UK came second. Only 2% of cyberattacks targeted Ukraine.
Key Takeaways from Cybersecurity Report
The key takeaway from the report meanwhile is that “74% of all breaches include the human element with people being involved either via Error, Privilege Misuse, Use of stolen credentials or Social Engineering.”
The human element has historically been the biggest contributor to cybersecurity incidents. The report paints a sorry state of affairs of cybersecurity and noted that not enough is being done to even force attackers to “evolve their tactics because the old ones still work just fine.”
The report says that people get involved in breaches through “Error, Privilege Misuse, Use of stolen credentials or Social Engineering.”
If we can plug these long-known vulnerabilities, it would help in a big way in boosting cybersecurity defense.
The report adds that “The three primary ways in which attackers access an organization are stolen credentials, phishing and exploitation of vulnerabilities.” Credentials accounted for 49% of the total breaches and poor passwords have been “one of the leading causes of data breaches” for 15 years now.
MFA is a Good Defence Against Cyberattacks but Its Not Enough
The report says that one of the “best ways” we can plug this loophole is through the use of Multi-Factor Authentication (MFA).
Notably, CyberEdge’s 2022 annual Cyberthreat Defense Report (CDR) found that 43% of the surveyed companies were not using MFA which does not bode well for cybersecurity.
Meanwhile, while MFA is a good defense against cyberattacks it’s clearly not enough and the Verizon DBIR report says, “In some cases, criminals used social engineering to convince users to accept the authentication attempts. In other instances, they stole the session cookie and used it to masquerade as the user.”
According to Statista, the total value of cybercrimes was only $0.86 trillion in 2018 but is expected to rise to $23.82 trillion by 2027.
Cybersecurity for Small Businesses
Cybersecurity is important not only for large businesses but also for small enterprises. The FTC lists a framework through which small businesses can prepare themselves against cyberattacks.
It calls upon businesses to require strong passwords, use MFA, limit login attempts, and encrypt portable media like laptops and thumb drives. The rules would hold good for businesses of all sizes.
The NIST Cybersecurity Framework lists five areas: Identify, Protect, Detect, Respond, and Recover. It also calls upon companies to create and share a cybersecurity policy that covers “roles and responsibilities for employees, vendors, and anyone else with access to sensitive data.”
All said, as the world economy continues to pivot to a digital future, cybersecurity would become increasingly important for individuals, companies, as well as countries.
Incidentally, cyberattacks made the food shortage situation of 2021 even worse as global meat giant JBS was hit with a cyberattack. With an increasing number of companies pivoting to AI, cybersecurity might also get even more attention than it has hitherto done.
Related Stock News and Analysis
What's the Best Crypto to Buy Now?
- B2C Listed the Top Rated Cryptocurrencies for 2023
- Get Early Access to Presales & Private Sales
- KYC Verified & Audited, Public Teams
- Most Voted for Tokens on CoinSniper
- Upcoming Listings on Exchanges, NFT Drops