Cybersecurity insights: What business leaders need to know

It comes as no surprise that cybersecurity is an organizational imperative across industries and sectors. The increasing digitization of business and government has unlocked new capabilities and opportunities, but it has also created new vulnerabilities. A manufacturer that connects IoT devices across their supply chain, for example, unlocks unprecedented visibility and insight, but they also create new potential points of entry for malicious actors.

Every technological innovation throughout human history has come with associated risk. This shouldn’t deter us from developing such innovations; rather, it should keep us vigilant. That’s why Verizon Business is wholly dedicated to helping secure networks and providing our customers with all the tools they need to help protect their data and intellectual property.

Understanding the threat is integral to minimizing it, which is why the Data Breach Investigations Report (DBIR) is so important. Thanks to the peerless work of our DBIR team, this report, now in its sixteenth year, has become the go-to report for cybersecurity insights. Here are some of the key findings of this year’s report:

The human element continues to be a major factor

The general perception of hackers and other threat actors is that they are technology experts utilizing cutting-edge, sophisticated means to gain entry into a network. The reality, however, is that the overwhelming majority of incidents and most breaches (74%) occur because of the human element, which refers to human error, privilege misuse, use of stolen credentials, or social engineering.

In short, people make mistakes or they’re manipulated, exposing a network to the malicious actions of a threat actor. Incidents and breaches related to the human element remain pervasive in spite of enterprises prioritizing cybersecurity education and training in recent years.

Social engineering is on the rise

One of the most common ways to exploit the human element is social engineering, a tactic that aims to manipulate network users into divulging private information, network access or other sensitive data. Social engineering incidents have increased largely due to pretexting, which doubled last year.

Pretexting is a form of social engineering in which a malicious actor pretends to be a colleague or trusted institution in order to obtain sensitive information from a network user. Its increasing effectiveness is likely proportional to its growing sophistication. This becomes especially worrying in the context of emerging technologies like generative AI, whose advanced natural language processing capabilities could be used to mimic the speech patterns of individuals. This iteration of generative AI is too new to have shown up in this report, but it would be no surprise to see it appear in future iterations.

The importance of consistency

Pretexting is often employed in business email compromise (BEC) attacks in which a cybercriminal obtains access to a business email account in order to impersonate the owner’s identity. The median amount stolen in a BEC attack has increased over the last couple of years to $50,000 USD.

BEC isn’t the only type of attack that has become more costly. The median cost per ransomware incident doubled over the past two years, with 95% of ransomware incidents that experienced a loss costing between $1 million and $2.25 million.

Often, those who have access to an organization’s most sensitive information are those who are most vulnerable to cyber attacks: senior leadership. Though enterprises have been investing in cybersecurity and upgrading critical infrastructures, they often make exceptions for senior leadership, which only undermines their broader cybersecurity efforts. To be effective in defending against evolving cyber threats, enterprises must apply cybersecurity protocols without exception.

Conclusion

As we at Verizon Business work to drive our clients to digitize and differentiate, this year’s DBIR is yet another reminder of the need to keep cybersecurity awareness at the forefront for businesses. We will continue to leverage the findings in this report to educate and guide customers as to the best ways to protect their business assets and not let cybersecurity missteps get in the way of organizational innovation.