2024 Data Breach Investigations Report: Vulnerability exploitation boom threatens cybersecurity
01 May 2024 - 2:33PM
Verizon Business today released the findings of its 17th-annual
Data Breach Investigations Report (DBIR), which analyzed a
record-high 30,458 security incidents and 10,626 confirmed breaches
in 2023—a two-fold increase over 2022.
The exploitation of vulnerabilities as an initial point of entry
almost tripled from the previous year, accounting for 14% of all
breaches. This spike was driven primarily by the increasing
frequency of attacks targeting vulnerabilities on unpatched systems
and devices (zero-day vulnerabilities) by ransomware actors. The
MOVEit software breach was one of the largest drivers of these
cyberattacks, first in the education sector and later spreading to
finance and insurance industries.
“The exploitation of zero-day vulnerabilities by ransomware
actors remains a persistent threat to safeguarding enterprises,”
said Chris Novak, Sr. Director of Cybersecurity Consulting, Verizon
Business.
In a possible relief to some anxieties, the rise of artificial
intelligence (AI) was less of a culprit vs challenges in
large-scale vulnerability management. “While the adoption of
artificial intelligence to gain access to valuable corporate assets
is a concern on the horizon, a failure to patch basic
vulnerabilities has threat actors not needing to advance their
approach,” Novak said.
Analysis of the Cybersecurity Infrastructure and Security Agency
(CISA) Known Exploited Vulnerabilities (KEV) catalog revealed that
on average it takes organizations 55 days to remediate 50% of
critical vulnerabilities following the availability of patches.
Meanwhile, the median time for detecting the mass exploitations of
the CISA KEV on the internet is five days.
“This year’s DBIR findings reflect the evolving landscape that
today’s CISO’s must navigate-- balancing the need to address
vulnerabilities quicker than ever before while investing in the
continued employee education as it relates to ransomware and
cybersecurity hygiene,” said Craig Robinson, Research Vice
President, Security Services at IDC. “The breadth and depth of the
incidents examined in this report provides a window into how
breaches are occurring, and despite the low-level of complexity are
still proving to be incredibly costly for enterprises.”
Last year, 15% of breaches involved a third party, including
data custodians, third-party software vulnerabilities, and other
direct or indirect supply chain issues. This metric—new for the
2024 DBIR— shows a 68% increase from the previous period described
in the 2023 DBIR.
The human element continues to be the front door for
cybercriminals Most breaches (68%), whether they include a
third party or not, involve a non-malicious human element, which
refers to a person making an error or falling prey to a social
engineering attack. This percentage is about the same as last year.
One potential countervailing force is the improvement of reporting
practices: 20% of users identified and reported phishing in
simulation engagements, and 11% of users who clicked the email also
reported it.
“The persistence of the human element in breaches shows that
there is still plenty of room for improvement with regard to
cybersecurity training, but the increase in self-reporting
indicates a culture change that destigmatizes human error and may
serve to shine a light on the importance of cybersecurity awareness
among the general workforce,” Novak added.
Other key findings from this year’s report include:
- 32% of all breaches involved some type of extortion technique,
including ransomware
- Over the past two years, roughly a quarter (between 24% and
25%) of financially motivated incidents involved pretexting
- Over the past 10 years, the Use of stolen credentials has
appeared in almost one-third (31%) of all breaches
- Half of the reaches in EMEA are internal
- Espionage attacks continue to dominate in APAC region
View the 2024 Data Breach Investigation Report (DBIR):
For more information on ways to help defend against zero-day
vulnerabilities and other cyber threats, visit HERE.
Media contacts: Carlos
Arcila+1.908-202-0479Carlos.Arcila@verizon.com
Nilesh Pritam+65 6248-6599Nilesh.Pritam@sg.verizon.com
Sebrina Kepple+44 7391 065817Sebrina.Kepple@verizon.com
Verizon Communications (NYSE:VZ)
Historical Stock Chart
From Apr 2024 to May 2024
Verizon Communications (NYSE:VZ)
Historical Stock Chart
From May 2023 to May 2024