Business email compromise (BEC) is a category of cybercrime where malicious actors try to manipulate or compromise email accounts within an organization usually trying to gain access to sensitive information or social engineer someone to transfer money. Common examples: One example is Spear Phishing, this is where the malicious actor [...]
The Verizon Data Breach Investigations report(DBIR) Small and Medium Business Snapshot is in. They examined 16,312 security incidents, of which 5,199 were confirmed as Data breaches.
The data represented in the report is from real-world breaches and incidents investigated by the Verizon Threat Reseach Advisory Center (VTRAC), or provided to them by global contributors. You can find the report at https://www.verizon.com/business/resources/Td23/reports/2023-dbir-smb-snapshot.pdf
According to the report Business Email Compromise (BEC) was a key issue. BEC attacks doubled across the entire incident dataset, and represent more than 50% of incidents within the Social Engineering pattern.
According to the report 74% of all breaches included the human element, with people being involved whether via error, Privilege Misuse, use of stolen credentials or social engineering.
83% of breached involved External actors, and the primary motivation for attacks continues to be overwhelmingly financially driven, at 95% of breaches.
49% of breaches involved credentials or 4,396 breaches, while another 24% involved Ransomware.
The three primary ways in which attackers accessed organizations were stolen credentials, phishing and exploitation of vulnerabilities.Within the 4291 incidents roughly 45% were credentials.
Ransomware remains a top action type. Ransomware continues its reign as one of the top action types present in breaches, and while it did not actually grow, it did hold statistically steady at 24% according to Verizon.
Some of the patterns discussed in the Report are System Intrusion, Social Engineering, and Basic Web Application Attacks. Some highlights from these patterns include:
System Intrusion – 80% of System Intrusion incidents involved Ransomware.
Social Engineering – Based on IC3 data, the median amount stolen from these attacks has increased over the last couple years to $50,000.
Basic Web Application Attacks- 86% of Basic Web Application Attacks breaches involved the use of stolen credentials.
From the report the following table highlights some statistics for SMBs:
If you want to see the full report you can locate it here: https://www.verizon.com/business/resources/Td23/reports/2023-dbir-smb-snapshot.pdf
If you are needing help to secure your environment we are here to help! Contact us for a free consultation, and we can see how we can Enable you to Operate Securely.
A data breach can have significant and sometimes devastating consequences for a small business. Here’s how it can affect a small business, along with some cost and statistics associated with ...
Business email compromise (BEC) is a category of cybercrime where malicious actors try to manipulate or compromise email accounts within an organization usually trying to gain access to sensitive information or social engineer someone to transfer money. Common examples: One example is Spear Phishing, this is where the malicious actor targets a specific individual within ...
