Verizon 2023 DBIR: The Missing Pieces you Need to Take Action

Verizon 2023 DBIR-Bitsight perspective
Written by Noah Stone
Senior Manager, Thought Leadership

Verizon’s much anticipated 2023 Data Breach Investigations Report (DBIR) has hit the market and we have the missing pieces you need to convert its findings into action. In this blog, we’ll break down:

  • The top cyber risk challenges that stood out to us in this year’s DBIR;
  • Why and how these challenges continue to be an issue; and
  • How you can use data to understand and overcome these challenges.

 

Verizon’s 2023 DBIR: A World Class Study with Valuable Insights

Every year, Verizon publishes its DBIR, a high-profile study diving deep into the latest cyber risk trends. Leveraging data providers like Bitsight, Verizon studied over 16,000 cybersecurity incidents and over 5,000 confirmed data breaches to identify key trends across incidents, breaches, and more. Security professionals around the world leverage the report’s findings to better inform their cybersecurity programs and protect their organizations from the latest cyber risks.

Bitsight is proud to have contributed over 4,000 incidents to the Verizon 2023 DBIR.

Triple Threat: External Attackers, Vulnerabilities, and Ransomware

Below are the three challenges that stood out to us in this year’s report, each paired with their respective DBIR quotes:

  1. External attackers are overwhelmingly responsible for breaches.
    “83% of breaches involved External actors.”
     
  2. Vulnerabilities are a persistent and serious risk.
    “The three primary ways in which attackers access an organization are…exploitation of vulnerabilities.”
     
  3. Contrary to conventional wisdom, ransomware remains a major risk.
    “Ransomware continues its reign as one of the top Action types present in breaches…statistically steady at 24%.”

Now let’s add the missing pieces of the puzzle so you can take action now.

Want to prevent a breach? Focus on your external attack surface.

Nearly all breaches studied in the Verizon 2023 DBIR involved an external threat actor, all the reason why your external attack surface — or all the assets an external threat actor can leverage to attack your systems — should be a critical security priority.

But the concept of the expanding attack surface can make securing your own a bit tricky. A multitude of drivers are responsible for this trend, among them are:

  • Internet of things (IoT) proliferation: the mass adoption of IoT devices like webcams, GPS trackers, and other smart devices that add to your external attack surface.
  • Cloud adoption : As organizations increasingly shift their assets and infrastructure to the cloud, attacks on cloud services continue to rise.
  • Rising cyber assets inventories: Security teams have the daunting task of safeguarding an average of 165,000 cybersecurity assets, ranging from cloud-based devices, applications, data assets, and users.

Recent research shows just how dangerous IoT devices can be when adopted by your organization. In March, Bitsight identified thousands of organizations — including those in the Fortune 1000 — using insecure webcams and similar devices, allowing external attackers to view video and/or audio feeds. Deploying Internet-facing devices like those reported in the study increases an organization’s attack surface, and could potentially threaten your – and your third parties’ – internal systems and data.

Internet-connected Operational Technology (OT) also presents risks. Both opportunistic and advanced cyber threat actors have shown increased willingness to target industrial and operational sites. That’s why Schneider Electric, the global leader in the digital transformation of energy management and automation, and Bitsight announced a strategic partnership to develop a first-of-its-kind global OT Risk Identification and Threat Intelligence capability. The goal of this collaboration is to strengthen industrial security and provide more visibility into Industrial infrastructure and Industrial Control System (ICS) devices that may be at risk from a cyber breach.

The data are clear – to reduce the risk of experiencing a breach, focus on external attack surface management. And don’t forget about your third parties – if your third party gets breached, you could experience a whole host of complications.

Key challenges allow exploitation of vulnerabilities to be a persistent risk

Verizon’s 2023 DBIR found exploitation of vulnerabilities to be one of the top three ways attackers gain access to organizations but why and how can this be when organizations know how important vulnerability management is to organizational security?

The research continues to drive the point home – vulnerability management is critical to organizational cybersecurity but organizations are simply not doing enough to fight back against vulnerabilities. In fact, a recent study found that a mere 5 percent of organizations remediate the typical vulnerability per month, leaving the vast majority of organizations with unresolved issues after one month. In comes another 2023 DBIR finding:

  • “More than 32% of all Log4j vulnerability scanning— exploiting a flaw in this ubiquitous Java-based utility that can give control of your servers to hackers— occurred in the first 30 days after release.

Now, this is wildly concerning. On one hand, research shows that 95 percent of organizations don’t resolve a typical vulnerability in the first month, and on the other hand nearly one third of Log4j vulnerability scanning occurred in the first month after release. The takeaway? Attackers are quick to exploit vulnerabilities, and organizations are slow to remediate them. That’s a dangerous spot to be in, especially when the risk doesn’t end at your organization – a breach of your third party via vulnerability exploitation could result in IP compromise, depending on the extent of your data-sharing relationship with the impacted partner, and many more consequences.

But recent research provides valuable insight into building a better vulnerability management program. The Marsh McLennan Cyber Risk Analytics Center found that Bitsight’s Patching Cadence risk vector — a measure of an organization’s vulnerability management program — is most strongly correlated with cybersecurity incidents. Improving your organization’s patching cadence may just be one of the best ways to reduce your likelihood of experiencing an incident.

Attackers are leveraging vulnerabilities to access organizations but organizations continue to struggle to rapidly remediate vulnerabilities. Be your best in the fight by focusing on your vulnerability management program and tracking cybersecurity analytics with proven correlations to incidents, like Patching Cadence. And learn what you can do to become a “5-Percenter”, or an organization that remediates a new vulnerability within one month of observation.

Ransomware remains a major risk but research has answers

Exploitation of vulnerabilities can often lead to malware deployment like ransomware, where your data is encrypted and a ransom is demanded for you to get it back. Per the 2023 DBIR, for two years in a row, almost one quarter of breaches involved ransomware, raising concerns that the ubiquity of ransomware defenses may not be a panacea for ransomware avoidance. One likely reason for the persistence? Ransomware is present in nearly 60 percent of all incidents with financial motivation, leaving much room for growth.

Research to the rescue again! Bitsight research found underperformance across three key cybersecurity analytics to be most strongly correlated with an increased risk of experiencing a ransomware incident – TLS/SSL configurations, TLS/SSL certificates, and Patching Cadence. Note that Patching Cadence is strongly correlated with both ransomware and more generally, cybersecurity incidents.

Keep a close eye on the above analytics, both for your organization and for your third parties.

How everything comes together

External attackers, vulnerabilities, and ransomware. As much as we like to make distinctions between key cybersecurity challenges, these are all part of one overarching challenge – exposure management. Protecting against external attackers has everything to do with vulnerability management and ransomware prevention, not to mention management of cyber assets and more; and defending against vulnerabilities and ransomware feeds back in large part to external attack surface management. And these three challenges all feed back into the risk your expanding partner ecosystem presents to your organization. Viewing these key challenges as part of the same overall challenge can help you make tangible progress towards more robust organizational security.

How Bitsight can Help

Managing your external attack surface

If you can’t detect it, then you can’t protect against it, and external attackers love to see that. That’s where external attack surface management comes in – detecting and responding to cyber risk at scale. Bitsight Security Performance Management (SPM) offers key External Attack Surface Management (EASM) capabilities, helping your organization continuously discover its attack surface, identify where exposure exists, and prioritize remediating vulnerable areas of infrastructure.

Detecting vulnerabilities in your third-party ecosystem

Vulnerabilities and ransomware don’t need to present themselves first within your organization but rather, they can arise with a vendor. Managing vendor exposure to critical vulnerabilities quickly, effectively, and at scale is crucial to protect your network. When a major security event hits the news, how do you know which of your vendors is affected? How are they potentially exposing your organization? In the heat of the moment, you need to be able to answer these questions quickly and accurately.

With Bitsight’s Vulnerability Detection & Response capabilities, included in our Continuous Monitoring solution, you can gain insights into vendor exposure to vulnerabilities and take action on high-priority incidents impacting your vendors at a moment’s notice, while communicating critical information to board- and executive-level stakeholders during high-stress situations.

With Bitsight you can:

  • Detect, manage, and mitigate emerging zero day vulnerabilities in your vendor ecosystem with speed
  • Remediate risk more quickly and effectively with better prioritization of critical vendor response
  • Initiate and track vendor outreach at scale through built-in questionnaire capabilities
  • Confidently adhere to growing regulatory pressure with easy access to critical vulnerability data

Bitsight is your trusted partner in your journey to a stronger security posture. Contact us today to learn more!