Small Org Cyber Security Insights: 2023 IBM X-Force Threat Intelligence Report
As cybersecurity experts, we eagerly anticipate annual high-level reports from leading cybersecurity companies like IBM and Verizon. The global reach of these organizations enables them to offer valuable insights that inform our customers' cybersecurity strategies. At RipRap Security, we primarily support small-to-medium-sized organizations and nonprofits, but these reports provide excellent insight into techniques used against larger organizations across various industries, including government, critical infrastructure, and transportation.
In this post, we share key insights from the 2023 IBM report to help inform and educate readers.
Phishing Remains A Significant Threat
IBM observed that 41% of all incidents involved phishing as an initial access method. The attacks took various forms: 62% enticed victims to open an attachment, 33% to click a link, and 5% used third-party services like Twitter or Instagram.
Attackers recognize the high return on investment phishing provides. With basic research, they can craft seemingly legitimate phishing messages to deceive victims. Organizations can counter phishing threats through:
Training: Well-trained staff can identify phishing attempts, making them your best defense. Regular phishing simulations assess an organization's vulnerability and reinforce phishing identification techniques.
Email filtering: Tools that protect against phishing can reduce attacks, but may be less effective against targeted spear phishing.
Endpoint protection: Centrally managed Endpoint Detection and Response (EDR) tools help reduce the impact of successful phishing attempts.
Diverse Motivations Drive Attackers
The IBM report digs into a really fascinating set of statistics: why attackers are trying to hack organizations in the first place. Here are the top five motivations behind attacks observed by IBM:
Extortion (21%): Attackers use techniques like ransomware and business email compromise to force victims to comply with demands.
Data theft (19%): Organizations store sensitive information that can be sold or used in subsequent attacks.
Credential harvesting (11%): Attackers access login credentials to expand their attacks.
Data leak (11%): Sensitive data is deliberately leaked.
Brand reputation (9%): Attackers reveal sensitive information to damage a brand's reputation and public image.
Understanding these motivations assists organizations with threat modeling, helping to identify top threats and establish appropriate defensive measures.
All Orgs Are Potential Targets
Our team often hears concerns like, "We're too small to be a target" or "Why would a hacker be interested in us?" However, organizations of any size or type can be targets for various reasons. For example, smaller organizations might be attacked because of their association with larger targets, as supply chain attacks exploit these relationships.
IBM found that 6% of all incidents occurred in the professional, business, and consumer services sector, which includes consultancies, IT and technology companies, and advertising, public relations, and communications agencies. Notable statistics include:
Ransomware and backdoor access attacks each accounted for 18% of incidents.
Primary attack vectors were public-facing applications (23%), external remote services (23%), spear phishing (15%), and local account access (15%).
Extortion was the leading motivation (28%), followed by data theft, credential harvesting, and data leaks (17% each).
Wrapping Up
The 2023 IBM report offers valuable data to contextualize the importance of cybersecurity. Reports like these help to demystify cybersecurity issues by illuminating attacker techniques and motivations.
RipRap Security is committed to ensuring our customers have the proper defenses, processes, policies, and personnel to defend against and minimize the impact of attacks. To learn more about how we can help improve your organization's cybersecurity, schedule a free consultation.