Business email compromise (BEC) is a category of cybercrime in which malicious actors try to manipulate or compromise email accounts within an organization, usually to gain access to sensitive information or to social engineer someone into transferring money. Common examples: one example is spear phishing, where the malicious actor [...]
The Verizon Data Breach Investigations Report (DBIR) Small and Medium Business Snapshot is in. They examined 16,312 security incidents, of which 5,199 were confirmed as data breaches.
The data represented in the report is from real-world breaches and incidents investigated by the Verizon Threat Research Advisory Center (VTRAC), or provided to them by global contributors. You can find the report at https://www.verizon.com/business/resources/Td23/reports/2023-dbir-smb-snapshot.pdf
According to the report, Business Email Compromise (BEC) was a key issue. BEC attacks doubled across the entire incident dataset and represent more than 50% of incidents within the Social Engineering pattern.
According to the report, 74% of all breaches included the human element, with people being involved whether via error, Privilege Misuse, use of stolen credentials or social engineering.
83% of breaches involved External actors, and the primary motivation for attacks continues to be overwhelmingly financial, at 95% of breaches.
49% of breaches, or 4,396 breaches, involved credentials, while another 24% involved Ransomware.
The three primary ways in which attackers accessed organizations were stolen credentials, phishing and exploitation of vulnerabilities. Within the 4291 incidents, roughly 45% were credentials.
Ransomware remains a top action type. Ransomware continues its reign as one of the top action types present in breaches, and while it did not actually grow, it did hold statistically steady at 24% according to Verizon.
Some of the patterns discussed in the Report are System Intrusion, Social Engineering, and Basic Web Application Attacks. Some highlights from these patterns include:
System Intrusion – 80% of System Intrusion incidents involved Ransomware.
Social Engineering – Based on IC3 data, the median amount stolen from these attacks has increased over the last couple of years to $50,000.
Basic Web Application Attacks – 86% of Basic Web Application Attacks breaches involved the use of stolen credentials.
From the report the following table highlights some statistics for SMBs:
If you want to see the full report you can locate it here: https://www.verizon.com/business/resources/Td23/reports/2023-dbir-smb-snapshot.pdf
If you need help securing your environment, we are here to help! Contact us for a free consultation, and we can see how we can Enable you to Operate Securely.