Cybersecurity

DBIR 2023: Key Findings for the Asia-Pacific Region

Human Element Responsible for 74% of Incidents, Driven by Social Engineering
DBIR 2023: Key Findings for the Asia-Pacific Region
Image: Shutterstock

Verizon Business released the results of its 16th annual Data Breach Investigations Report (DBIR 2023), which examined 16,312 security incidents and 5,199 breaches in 81 countries. Similar trends were observed in EMEA and APAC regions, though there were variations in attack patterns over the years.

See Also: Navigating Network Transformation with the Convergence of SD-WAN and Security

Anshuman Sharma, associate director CSIRT and investigative response, APJ, Verizon Business said, "The findings of the 2023 Data Breach Investigations Report show that social engineering attacks have increased sharply with increased connectivity and advances in AI."

Pretexting or business email compromise (BEC) attacks made up 50% of all incidents. Pretexting is the ability to clone information and present it in a trustworthy manner - even inaccurate information - by exploiting human vulnerabilities.

The median amount stolen in BECs has increased over the last couple of years to $50,000, based on the Internet Crime Complaint Center (IC3) data, which might have contributed to pretexting nearly doubling this past year.

The human element is involved in three out of four breaches. One of the most common ways to exploit human nature is social engineering, which refers to manipulating an organization's sensitive information through tactics like phishing, in which a hacker convinces the user into clicking a malicious link or attachment.

APAC Trends

The key findings specific to the Asia-Pacific region, which includes Oceania, are:

  • 699 incidents were reported, 164 with confirmed data disclosure;
  • Social engineering, system intrusion and basic web application attacks dominate 93% of breaches;
  • Financial motives accounted for 61% of breaches, followed by espionage at 39%, convenience at 2%, grudge at 2% and secondary motives at 1%;
  • Data compromised in breaches comprised internal information at 56%, secrets at 42%, other data at 33%, and credentials at 29%;
  • Threat actors in breaches were 92% external, 9% internal, 2% partners and 2% multiple actors.

EMEA vs. APAC

Comparing attack patterns in EMEA with APAC, Chris Novak, managing director of cybersecurity consulting at Verizon Business, said the top three attacks - social engineering, system intrusion and web application attacks - may be common to both regions. However, the patterns "have been skewed by years." For instance, in the APAC region, social engineering peaked in 2021. But for EMEA, it peaked in 2022.

Comparing shifts in attack patterns between APAC and EMEA. Image: Verizon Business

"What's interesting in terms of some of these dynamics is we see almost like a time shift occurring. The activities themselves may be very similar. You see a pattern happening in North America, then it happens in EMEA, and then in APAC - or the other way around, depending on which way around the globe we're going," Novak said.

How APAC compares with EMEA in terms of attack patterns, threat actors and motives. Image: Verizon Business

Espionage Attacks

According to the DBIR, while espionage garners substantial media attention, owing to the current geopolitical climate, only 3% of threat actors were driven by espionage as a motive. The other 97% were motivated by financial gain.

Commenting on espionage attacks in APAC, Novak said "political alliances that surround activities" in Russia, Ukraine, China and Taiwan are "feeding into a lot of those attacks."

"We're seeing an increase in nation state [attacks], across the board looking at cyber as the next or even the current tool in these physical espionage attacks," Novak said.

For decades, nations have resorted to using spies on the ground, who try to infiltrate sensitive military facilities and organizations to steal information. Today, the "cyber equivalent of that is happening because it's so easy to do that remotely, as our sensitive systems are now accessible [online]," Novak said.

Ransomware Incidents

A key finding was that the cost of ransomware has more than doubled in the last two years, with ransomware accounting for one out of every four breaches. The median loss more than doubled from last year to $26,000, with 95% of incidents costing between $1 and $2.25 million. This rise in cost coincides with a dramatic rise in frequency. Last year, the number of ransomware attacks was greater than the previous five years combined.

Ransomware is present today in over 62% of all incidents committed by organized crime actors, and in 59% of all incidents with a financial motivation.

"We see this [trend] in India, where similar attacks have increased across all industries, with the human element being a major factor,” Sharma said.

Ransomware attacks have not increased in terms of breaches and incidents. Image: Verizon Business

While ransomware remains as one of the top kind of breaches, the number of ransomware attacks worldwide did not increase over the past year. There is a flattening in the growth curve both in terms of the percentage of breaches (24%) and the percentage of incidents.

"What is leading to this leveling off is not necessarily that we've gotten better. I think the threat actors have reached a point of saturation. They have reached a point where they either don't have enough people to go out and hit more targets, or their tools are getting a little bit stale. They're more well-known by the defenders, and they're not as successful as they have been," Novak said.


About the Author

Brian Pereira

Brian Pereira

Sr. Director - Editorial, ISMG

Pereira has nearly three decades of journalism experience. He is the former editor of CHIP, InformationWeek and CISO MAG. He has also written for The Times of India and The Indian Express.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cio.inc, you agree to our use of cookies.