
5 Takeaways from the Verizon Data Breach Investigations Report 2023

It is no surprise that crime motivates most breaches but not all the findings are consistent with the attacks described by telcos.

Each year the Verizon Data Breach Investigations Report (DBIR) provides an authoritative examination of confirmed breaches and reported incidents that occurred during the previous 12 months. Its scope covers breaches suffered by all kinds of organizations, but telcos should draw upon this resource to help them understand how to protect their customers as well as themselves. Here are five key takeaways from the recently published 2023 report.

It’s People, Stupid

74 percent of all breaches involved a human element, and 83 percent involved an actor from outside the organization that was breached. Financial gain was the motivation for 95 percent of breaches, with organized crime responsible for two-thirds of them.

19 percent of breaches involved an internal actor; relatively few breaches involved both an internal and external actor at the same time. This contrasts with the anecdotal experience of telco staff being targeted by bribes and social engineering attacks as a stepping stone towards compromising the telco’s systems or gaining control of a phone user’s account.

Ransomware Is Bad but Not Getting Worse

Ransomware was present in 24 percent of all breaches covered by the 2023 report, the same proportion as cited in the 2022 report, though it does feature in a slightly larger share of incidents than before. The influence of organized crime becomes especially evident when considering that data is three times more likely to be rendered inaccessible by the attacker than to be lost outright.

Your Phone May Be Gone but It Is Not Forgotten

There were around 1,500 incidents involving a lost or stolen mobile phone. Most were lost by accident. It is tempting to improve employee security through training and other forms of awareness-raising, but the loss of so many phones highlights the limits of what can be accomplished by simply telling staff to be more careful. Data on end-user devices should be encrypted and organizations need the ability to lock and wipe portable devices that have gone missing.

Cryptocurrency Is a Magnet for Hackers

The number of breaches involving cryptocurrency has multiplied by a factor of four since the previous year. Some attacks target actual cryptocurrency networks and exchanges whilst others simply steal the credentials of users so their wallets can be raided.

This finding aligns with the experience of telcos and customers who have been hit by SIM swap fraudsters. SIM swaps often target individuals known to have large cryptocurrency holdings, with the fraudster using the phone account as a gateway to raiding the victim’s cryptocurrency wallet.

With data now being a literal form of money, perhaps it is time to start referring to money breaches as well as data breaches.

The War in Ukraine Has Not Moved the Dials (as Far as We Can Tell)

There has been no significant shift in the number of breaches motivated by espionage or conducted by hackers associated with nation-states. The authors reason this is because few organizations are of interest to nation-state hackers, whilst many more organizations are of interest to criminals or have employees who make mistakes.

However, it is always worth retaining a degree of skepticism about whether the data that has been reviewed is truly comprehensive. Other factors may influence the extent to which nation-state hacking is reported. For example, more than half of the planet is covered by the region described as ‘Asia Pacific’, but the number of confirmed breaches for AsiaPac was less than 9 percent of the number reported for North America. 39 percent of reported breaches in AsiaPac were said to be motivated by espionage, a far higher proportion than in any other region. Financial gain was the motive for over 90 percent of breaches in every region but AsiaPac, where it was the stated motive for only 61 percent of breaches. This is hard to reconcile with the surge of smishing and SIM swap frauds observed by AsiaPac telcos.

Cultural norms have an enormous influence on the collection of data like this, as demonstrated by international disparities in crime statistics. The DBIR is an excellent report but remains reliant on methods of gathering data that do not deliver truly comparable figures from country to country.

Get Your Copy

The Verizon DBIR is well worth a read. If you do not have time to digest all 89 pages then skim through the contents or look out for the webinars involving the authors. However, as the goal is to encourage good data security and hygiene, it is rather cheeky that a misleading registration form asks for your personal data when you do not really need to give any. The PDF of the full report can be obtained without registration, from here.

Eric Priezkalns
http://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.
