Top 5 Observations from the 2023 Verizon DBIR

In 2023, it’s imperative to know what your business is up against in order to begin securing your data and ensuring the success of your business. With 83% of breaches involving financially motivated external actors, 74% involving a human element of social engineering attacks, errors, or misuse, and 50% (double of last year) of those social engineering attacks being pretexting incidents, it’s been time for organizations to pay attention and get ahead.

In the rapidly evolving landscape of cybersecurity, these stats are not just numbers but an indication of the rising severity of cybercrime. Staying ahead of the latest threats and vulnerabilities is paramount for organizations. The recently published Verizon Database Breach Investigations Report (DBIR) provides valuable insights into the importance of fundamental security measures. 

Below we will detail the 5 most important observations from the report and how the right cybersecurity services can assist organizations in addressing current and potential security failures; including the significance of unique passwords, multi-factor authentication (MFA), user training, timely patching, and more.

• Combatting Business Email Compromise and Ransomware

Verizon’s DBIR reveals a concerning rise in Business Email Compromise (BEC) attacks, with a nearly 50% increase compared to the previous year. Protecting your organization starts with addressing the basics. Thrive offers comprehensive security solutions that enable the implementation of strong passwords, MFA, and user training programs to enhance resilience against BEC attacks and ransomware.

• Prioritizing Timely Patching and Software Bill of Materials (SBOM)

The report emphasizes the importance of prompt patching, especially in the context of vulnerabilities like the Log4j vulnerability. Verizon highlights the significance of having a Software Bill of Materials (SBOM) to expedite vulnerability identification. Thrive’s advanced patch management system enables organizations to stay ahead by proactively addressing vulnerabilities. Our services offer enhanced response time and risk reduction associated with vulnerabilities.

• Strengthening Security with Multi-Factor Authentication (MFA)

Stolen credentials and vulnerabilities account for almost 24% of breaches, as highlighted by Verizon’s report. Implementing MFA is crucial in safeguarding user accounts. Thrive offers a robust MFA framework, supporting various authentication factors, including password security, biometrics, and hardware tokens. By leveraging MFA, organizations can fortify their security defenses against credential theft and significantly reduce the risk of successful cyberattacks.

• Cultivating a Culture of User Awareness and Training

End-user training plays a vital role in combatting cyber threats. Verizon emphasizes the need to educate users on identifying phishing and social engineering attempts as a second line of defense if and when systems fail. Thrive enables end users to have power over their data,  equipping employees with the knowledge and skills to recognize and mitigate potential threats. By fostering a culture of cybersecurity awareness, organizations can empower their workforce to be the first line of defense against cyber attacks.

• Embracing Proactive Patch Management

Verizon’s report highlights the persistent challenge of delayed patching – with an average delay of 49 days, organizations of any size can’t risk that type of security gap. Thrive emphasizes the importance of a standardized patch cycle to ensure timely remediation of vulnerabilities. By leveraging our Vulnerability Management Solutions and patch management capabilities, organizations can proactively address vulnerabilities, reducing the window of opportunity for cybercriminals to exploit weaknesses.

The 2023 Verizon Database Breach Investigations Report re-iterates that while the flashy attacks attract the news organizations, the basics of using unique passwords, forcing users to use MFA, and training users to spot phishing and social engineering attacks will go a long way to protect your organization. As the threat landscape continues to evolve, Thrive stands ready to help companies go back to the basics while also being a trusted partner in navigating where to turn next in your security journey, such as an AI-enabled cybersecurity mesh architecture. Contact Thrive to set up a consultation and learn more.