Tuesday, 6 June 2023

Verizon’s latest Data Breach Investigations Report 2023 has landed with some surprising findings.

While 95 per cent of the global breaches reported were financially motivated, here in the Asia Pacific region the figure was only 61 per cent. The rest – 39 per cent – was classified as espionage[1].

The report doesn’t define espionage activity specifically; however, this aligns with KordaMentha’s recent experience in breach investigations and the increase in internal intellectual property (IP) theft. As the Covid-19 lockdowns ceased and Australia experienced what came to be known as “The Great Resignation”, we saw a large increase in internal data breaches. Many of these were from employees – disgruntled and otherwise – illegally accessing and downloading intellectual property to take with them as a commercial advantage in a new position or their own business. Often this was material outside their role, including client data, price lists and customer lists as well as commercial IP.

All this was made easier by the almost universal use of remote access for employees working from home during lockdowns. At the time, many organisations were more concerned with providing quick and easy access (often through cloud-based platforms) to a workforce unexpectedly working from home than with setting up robust system security. They needed to keep their business afloat, but the more accessible the data is, the greater the risk.

What those employees didn’t realise is that their actions can be tracked. Most organisations using platforms such as Microsoft 365 have functionality available to investigate email, downloads, file access and other activity. To spy on the spy, so to speak. But only where legally necessary, of course.

So, let’s put this localised aspect into global context. Verizon is one of the largest communication technology companies in the world. This is their 20th investigation report and the second to which KordaMentha has contributed. It examines 16,312[2] incidents, giving the global statistics that verify what those of us working in the field see daily.

In the year covered by this report – November 2021 to October 2022 – breaches via what they term Business Email Compromise almost doubled[3], representing more than half the social engineering type of breaches. As we’ve seen in our own investigations, social engineering has become increasingly sophisticated. Gone are the days of unlikely scenarios of Nigerian princes and wins in lotteries to which you didn’t buy a ticket. The scammers now use artificial intelligence to correct their language and the internet to give them social insights that make their scenarios relevant, credible and much harder to detect. Like tax office messages at tax time and parcel delivery options. Almost everyone is expecting a parcel, right? The report says these types of incidents more than doubled during the period[4].

Ransomware incidents remained static at 24 per cent but were still the most common type of action[5] and were reported across all types of organisations and industries, remaining a significant problem. This was the method favoured in 62 per cent of incidents committed by organised crime and 59 per cent of those with financial motivation. An alarming statistic is that of the incidents with loss, the median loss value more than doubled to USD26,000, with some as high as USD2.25 million[6].

The eternal takeaway remains that the human element is still the biggest risk, present in 74 per cent of breaches[7]. Our clients tell us this, too, with increasing requests from business C-suite for help not just with systems security and investigations, but with staff security awareness training that is up to date with the latest evolution in threat actor methodology.

So yes, people remain the biggest risk, but they’re also the best defence. And ongoing education is the weapon.

[1] Verizon, Verizon 2023 Data Breach Investigations Report (6 June 2023) [70] <verizon.com/dbir>
[2] Ibid [7].
[3] Ibid [31].
[4] Ibid.
[5] Ibid [27].
[6] Ibid [30].
[7] Ibid [8].