What you need to know:
-
Last year, vulnerability exploitation jumped nearly three times (180%).
-
The rapid rise in ransomware and extortion techniques accounted for a third (32%) of all breaches.
-
More than two-thirds (68%) of breaches involve a benign human element.
-
In 2023, 30,458 security incidents and 10,626 confirmed breaches were analyzed. This is a two-fold increase compared to 2022.
-
Verizon security by the numbers: We manage more than 4,200 networks worldwide, process 34 trillion raw logs annually, and have nine security operations centers around the world.
basking ridge new jersey – Verizon Business today announced the findings of its 17th annual Data Breach Investigations Report (DBIR). The report analyzed a record 30,458 security incidents and 10,626 confirmed breaches in 2023, a twofold increase compared to 2022.
Exploitation of vulnerabilities as an initial point of entry nearly tripled year-over-year, accounting for 14% of all breaches. This spike was primarily driven by the increased frequency of attacks by ransomware attackers targeting vulnerabilities in unpatched systems and devices (zero-day vulnerabilities). The MOVEit software breach was one of the biggest drivers of these cyberattacks, first in the education sector and then spreading to the financial and insurance industries.
“The exploitation of zero-day vulnerabilities by ransomware attackers is a continuing threat to enterprise protection,” said Chris Novak, senior director of cybersecurity consulting at Verizon Business.
To allay some fears, the rise of artificial intelligence (AI) is no longer the culprit for challenges in managing vulnerabilities at scale. “While there are concerns about the impending introduction of artificial intelligence to gain access to valuable corporate assets, failure to remediate fundamental vulnerabilities means threat actors no longer need to proceed with their approach.” '' said Novak.
Analysis of the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog shows that it takes organizations, on average, 55 days to remediate 50% of critical vulnerabilities after a patch is provided. It became clear. Meanwhile, the median time it takes to detect large-scale exploitation of CISA KEV on the internet is 5 days.
“This year’s DBIR findings reflect the evolving landscape that today’s CISOs must deal with: the need to address vulnerabilities faster than ever before, and the ” said Craig Robinson, Research Vice President. , IDC Security Services. “The breadth and depth of the incidents investigated in this report provide insight into how breaches occur and, despite the low level of complexity, remain incredible for businesses. It turns out that it costs a lot.”
Fifteen percent of breaches last year involved third parties, including data controllers, third-party software vulnerabilities, and other direct or indirect supply chain issues. This metric, newly added for the 2024 DBIR, shows the 68% sequential increase accounted for in the 2023 DBIR.
The human element continues to be the gateway for cybercriminals
Most breaches (68%) involve a benign human element, whether by a third party or not. This refers to when a person makes a mistake or falls prey to a social engineering attack. This percentage is about the same as last year. One potential counterforce is improved reporting practices. His 20% of users identified and reported phishing in simulated activities, and his 11% of users who clicked on emails also reported phishing.
“The continued involvement of the human element in breaches shows there is still a lot of room for improvement when it comes to cybersecurity training, but the increase in self-reporting is a sign that a culture that eliminates bias toward human error “Increased cybersecurity awareness among the general workforce'' Novak added.
Other key findings from this year's report include:
-
32% of all breaches involved some type of extortion technique, including ransomware.
-
Over the past two years, around a quarter (24% to 25%) of financially motivated cases involved pretext.
-
Over the past decade, nearly a third (31%) of all breaches involved the use of stolen credentials.
-
Half of EMEA reach is internal
-
Espionage attacks continue to dominate in APAC region
View the 2024 Data Breach Investigation Report (DBIR).
Learn more about how to protect against zero-day vulnerabilities and other cyber threats.
