Fraud Management & Cybercrime , Ransomware , Social Engineering

Highlights of Verizon Data Breach Investigations Report 2023

Report's Lead Author Shares Top Findings, Best Practices
Alex Pinto, senior manager, Verizon Threat Research Advisory Center

Pretexting incidents, a social engineering technique that manipulates victims into divulging information, have nearly doubled since last year and now represent 50% of all social engineering attacks, according to Verizon's 16th annual 2023 Data Breach Investigations Report, which analyzed more than 16,312 security incidents, including 5,199 confirmed data breaches.

See Also: 10 Belt-Tightening Tips for CISOs to Weather the Downturn

Social engineering fueled a rise in basic web application attacks, breaches and incidents, which represent approximately one-fourth of Verizon's data set. Web application attacks are most prevalent in the financial services sector, and findings show that 86% of such attacks involved the use of stolen credentials to "get into an API, get into a financial institution or someone's bank account even," which is "still a relatively simple endeavor," said Alex Pinto, lead author of the report and senior manager of the Verizon Threat Research Advisory Center.

While ransomware continued to be a major reason for a breach, the share of ransomware held steady at 24% last year. Ransomware attacks may not be growing as quickly, he said, but added, "I wouldn't count them out yet."

In this video interview with Information Security Media Group, Pinto discusses:

  • An overview of findings from the 2023 Data Breach Investigations Report;
  • The trends behinds the recent high-profile breaches resulting from application and API attacks;
  • Insights from the report for security leaders and their teams.

Pinto's team at the Verizon Threat Research Advisory Center is responsible for the annual report as well as security research and thought leadership for the organization. He joined Verizon in 2018, after it acquired his machine learning-based network detection company Niddel. He has over 20 years of experience in building security solutions that focus on the application of data science to cybersecurity.


About the Author

Anna Delaney

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.