Privilege Misuse

2023

Please provide the information below to view the online Verizon Data Breach Investigations Report.

First Name: Last Name: E-mail: Organization: Organization type Country:

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

I confirm I have read and understood

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Gracias.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Gracias.

You may now close this message and continue to your article.

Resumen

Your employees continue to use their access to commit breaches and, in some cases, initiate fraudulent transactions. We saw more collusion between multiple types of actors this year.

What is the same?

This pattern continues to be dominated by the Internal actor, by definition. Most are motivated by financial gain, and Personal data continues to be a favorite target.

Frequency		406 incidents, 288 with confirmed data disclosure
Threat actors		Internal (99%), Multiple (7%), External (6%), Partner (2%) (breaches)
Actor motives		Financial (89%), Grudge (13%), Espionage (5%), Convenience (3%), Fun (3%), Ideology (2%) (breaches)
Data compromised		Personal (73%), Medical (34%), Other (18%), Bank (12%), Payment (12%) (incidents)

My employees love me!

People may think they are somehow immune to a data breach. They may put their trust in their security controls, thinking they have amazing, impenetrable defenses. They may put their trust in “flying under the radar” or believe they are too small to have a breach. But this kind of thinking largely assumes breaches come from the outside, from the “bad actors” that are external to the organization. What they fail to take into account is the risk of an insider breach. “Surely, MY people wouldn’t do that!” they say. But of course, they would—and don’t call me Shirley.

The hard fact to face is that some of our employees also cause data breaches for malicious reasons. The most common nonaccidental Internal actor breach is Privilege abuse. This is just what it sounds like—employees abusing the access they have been given to do their jobs to steal data instead. They are significantly more likely to do this for their own financial gain (Figure 48). We know, it’s a shocker.

We’ll just help ourselves.

We’ve talked about your employees committing these acts—but our At-a-Glance table shows that we see other kinds of threat actors in this pattern. Interestingly, we see multiple threat actors (Internal, External, Partner—some combination of these three) in 7% of the breaches. This is collusion—evidence of multiple kinds of Actors working together to bring about a data breach.

Indeed, we have seen instances where organized fraud gangs have sent in people with the objective of being hired by businesses for the purpose of facilitating large-scale scams. We have seen this in multiple industries, and it has continued to plague organizations for years. These people can be difficult to spot—they may present and interview convincingly. This practice by financially motivated criminal groups makes it even more important to have your detective controls in place to catch the inappropriate access that these people are enabling. One of the difficulties in responding to an incident like this is that no company’s onboarding process is perfect, and most onboarding involves getting the new hire added to various groups and systems that aren’t always directly controlled by IT. Those investigations often reveal process-related weaknesses in the IT infrastructure.

We are increasingly seeing Privilege Misuse breaches paired with Fraudulent transactions, more so this year than in the past several, as shown in Figure 49. Fraudulent transactions are an Integrity violation that is frequently the end game of the BEC and is typically a money transfer to a threat actor-controlled bank account. However, since Internal actors already have access to the systems where bank accounts and routing information are stored in these cases, they’re probably just making that banking update themselves. Seeing Internal actors increasingly just redirect funds is especially concerning, considering it may be someone in a position to siphon significant resources away from the organization.