The human element is driving breaches
The new Verizon Data Breach Investigation Report 2023 (DBIR) is out and offers some interesting insights:
overall, the vast majority of breaches are caused by the human element: stolen credentials or phishing accounts for 3/4 of breaches. This underscores the importance of continuous security awareness training and phishing resistant multifactor authentication (see here).
the remaining is mostly down to exploitations of software vulnerabilities, which are actually becoming slightly less visible.
organized crime and financial motives are the main driver of breaches. Nation-state sponsored attacks are actually relatively infrequent, even less prominent than internal users' misuse or errors (remember, complexity breeds errors and increases risks).
a ransomware element is present in roughly 1/4 of all breaches, with the most frequent delivery vector being email.
Full Verizon DBIR 2023 report available here: https://www.verizon.com/business/resources/reports/dbir/
