Verizon’s Data Breach Investigations Report (DBIR) is an annual report that provides insights into the latest trends and statistics related to data breaches. The 2021 report revealed that social engineering tactics are becoming increasingly common and are resulting in higher breach expenses for organizations.
Social engineering is a tactic used by cybercriminals to manipulate individuals into divulging sensitive information or performing actions that can compromise the security of an organization. This can include phishing emails, pretexting, baiting, and other forms of deception.
According to the DBIR, social engineering attacks were involved in 36% of all data breaches in 2020. This is a significant increase from the previous year, where social engineering was only involved in 22% of breaches. The report also found that social engineering attacks resulted in higher breach expenses, with an average cost of $1.5 million per incident.
One reason for the increase in social engineering attacks is the shift to remote work due to the COVID-19 pandemic. With more employees working from home, cybercriminals have been able to exploit vulnerabilities in remote access systems and use social engineering tactics to gain access to sensitive information.
The DBIR also found that phishing attacks were the most common form of social engineering, accounting for 36% of all incidents. Phishing emails are designed to look like legitimate messages from trusted sources, such as banks or government agencies, and often contain links or attachments that can infect a user’s device with malware or steal their login credentials.
Pretexting was another common form of social engineering, accounting for 15% of all incidents. Pretexting involves creating a false scenario or identity to trick individuals into divulging sensitive information. For example, a cybercriminal may pose as an IT support technician and ask for a user’s login credentials to fix a supposed technical issue.
To protect against social engineering attacks, organizations should implement security awareness training programs for employees. This can include teaching employees how to identify phishing emails and other forms of social engineering, as well as providing guidelines for secure remote access.
Organizations should also implement multi-factor authentication (MFA) to prevent unauthorized access to sensitive information. MFA requires users to provide additional verification, such as a code sent to their phone, in addition to their login credentials.
In conclusion, the 2021 DBIR highlights the increasing threat of social engineering attacks and the need for organizations to take proactive measures to protect against them. By implementing security awareness training and MFA, organizations can reduce the risk of data breaches and minimize the associated costs.
- SEO Powered Content & PR Distribution. Get Amplified Today.
- EVM Finance. Unified Interface for Decentralized Finance. Access Here.
- Quantum Media Group. IR/PR Amplified. Access Here.
- PlatoAiStream. Web3 Data Intelligence. Knowledge Amplified. Access Here.
- Source: Plato Data Intelligence.