2023 Data Breach Chronicles: Read it and Weep (or laugh)!

Fasten your virtual seatbelts, because the cyber scam landscape is shifting gears! Business email compromises and social engineering tactics are stepping into the spotlight, leaving the once infamous Nigerian prince scams eating their dust.

Our old scammer pals decided to upskill - they've ditched the cardboard cutouts for some high-quality digital disguises. These new schemes are smoother than a seasoned salsa dancer and harder to spot than Waldo in a crowd. They're still pretty rare, but don't get too comfy. With AI on the rise, we're poised on the brink of a new era of cyber trickery. We're talking less "Nigerian Prince with a cash flow problem" and more "Leonardo DiCaprio in Catch Me If You Can". Brace yourself for the con artist 2.0...

We delved into the latest 2023 Verizon Data Breach Incident Report and emerged with some eye-popping insights!

Remember when everyone warned you about creating strong passwords? Well, they weren't kidding! Around 50% of data breaches involve poor credentials, whereas less than 20% are due to phishing. So, folks, buckle up and get yourself a password manager! Install the browser plugin and the mobile app and use it to create your passwords. Major security upgrade.

Now, let's talk about our nemesis: Ransomware. It's been holding steady, not really growing, but making up around a quarter of all issues. The twist? 93% of ransomware incidents didn't result in any loss! But when they do hit, boy, do they hit hard! The costs can vary, but the median sits at a cool $26,000. However, for the unluckiest out there, you could be shelling out between $700k to a staggering $2.2MM.

Who's the villain in this story? Mostly, it's financially motivated organized crime groups - they're behind about two-thirds of these incidents. You're playing the game whether you like it or not. Bigger companies or those with lots of juicy IP - you're most likely to be targeted by espionage-motivated state-affiliated groups. So, watch your back!

How does this happen?

• Web apps: If you're hosting a web app, for heaven's sake, get it tested, follow the hardening guidelines, and segment your infrastructure.
• Emails: Stick with the big players like Google or Microsoft. Secure your DNS, use an anti-phishing plugin, and get some scam training under your belt!
• Desktop sharing software: Remember our chat about passwords? Yeah, use good ones! Oh, and don't forget MFA. It's easier than you might think.
• Carelessness: Keep your providers in check. Regular cyber-health checkups can save you a lot of trouble down the line!

And what about those pesky phishing emails? There were around 1700 reported incidents, and nearly 1000 resulted in actual data loss.

• Statistically, around 5% of people fall for phishes, with about 2% entering data.
• What's the fallout? Over half of these savvy attackers log into your email (another reason to use MFA, folks!), hijack your conversations, set up forwarding rules, or send more phishing emails. And, the average cost of these "Business Email Compromise" attacks? A hefty $50,000.
• Think about it - with just 20 employees, at any given time someone will fall for a phishing email. With 200 employees, at least 4 are giving up their passwords.

So, what's the game plan?

• Back up your data and test the recovery process.
• Use strong passwords (yep, we're repeating ourselves!)
• Remove accounts as people leave your organization.
• Always require MFA (aka 2-step verification) for important websites and remote network access.

To conclude, here's a quick round-up by sector:

Finance

• 1800 incidents (~11%)
• 480 with data loss - mostly due to basic web app flaws and server hacking

Manufacturing

• 1817 incidents (~11%)
• 262 with confirmed data loss - mainly due to system hacking, social engineering, and basic web app flaws

Healthcare

• 525 incidents (3%)
• 436 with data disclosure - predominantly from basic web app attacks and common errors

So, that's the 2023 rundown. The landscape might look grim, but with knowledge and preparedness, you can navigate it like a pro. Until next time, stay safe out there!

Get in touch today!

Contact: [email protected]

Adversis: https://adversis.io

Adversis ACS: https://acs.adversis.io