Verizon’s 2022 Data Breach Investigation Report reveals some interesting information from extensive worldwide research.
In North America, System Intrusion (Now up to 80%) attacks surpass Social Engineering (down to 20%). System Intrusion is when attackers gain access to networks, plant ransomware, establish remote access, and otherwise compromise data and processes in a network.
90% of system intrusion attacks in North America were performed by threat actors external to the company. But the 10% of internal attacks highlights the concern of insider threats. Insider threat is when someone working for an organization accidentally or intentionally gives attackers access.
In North America, the motivation for attacks are:
For financial gain: 96%
Espionage and spying: 3%
Grudges and anger: 1%
Of attacks in North America, 14% were caused Primarily by Cloud Security Misconfigurations, highlighting the need to ensure IT professionals are familiar with the complex security settings related to cloud services. An excellent resource for Microsoft Cloud Security is https://learn.microsoft.com/en-us/microsoft-365/solutions/setup-secure-collaboration-with-teams?view=o365-worldwide#securing-teams-for-sensitive-and-highly-sensitive-data
To see statistics in other parts of the world and overall, you can find the report at https://www.verizon.com/business/resources/reports/dbir/