Exploit craze threatens cybersecurity

What you need to know:

  • Vulnerability exploits increased nearly threefold (180%) last year.
  • The rapid rise of ransomware and ransomware technology accounted for one-third (32%) of all breaches.
  • More than two-thirds (68%) of breaches involved non-malicious human factors.
  • 30,458 security incidents and 10,626 confirmed breaches were analyzed in 2023, a triple increase from 2022.
  • Verizon's (NYSE:) security profile: manages more than 4,200 networks globally, processes 34 terabytes of raw logs annually, and has nine security operations centers around the world.

BASKING RIDGE, N.J., May 01, 2024 (GLOBE NEWSWIRE) — Verizon Business today released the findings of its 17th annual Data Breach Investigations Report (DBIR), which analyzed a record 30,458 security incidents and 10,626 confirmed breaches in 2023, a tripling from 2022.

Exploitation of vulnerabilities as an initial entry point nearly tripled from the previous year, accounting for 14% of all breaches. This surge is primarily driven by the increasing frequency of attacks by ransomware attackers targeting vulnerabilities on unpatched systems and devices (zero-day vulnerabilities). The MOVEit software leak was one of the biggest drivers of these cyberattacks, first in the education sector and later spreading to the financial and insurance industries.

Chris Novak, senior director of cybersecurity consulting at Verizon Business, said ransomware attackers exploiting zero-day vulnerabilities remains a persistent threat to enterprise protection.

Compared with the challenges of large-scale vulnerability management, the rise of artificial intelligence (AI) is not the main culprit, which may alleviate some anxiety. Novak said that while the use of artificial intelligence to gain access to valuable enterprise assets is an upcoming issue, threat actors will not need to advance their methods if basic vulnerabilities cannot be patched.


Analysis of the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog shows that after a patch is released, it takes organizations an average of 55 days to remediate 50% of critical vulnerabilities. Meanwhile, the median time it took for large-scale CISA KEV exploits to be detected online was five days.

Craig Robinson, vice president of security research at IDC, said this year’s DBIR survey results reflect the changing landscape that today’s CISOs must navigate: balancing the need to address vulnerabilities faster than ever before while investing in combating ransomware and in continuous employee education services related to cybersecurity hygiene. The breadth and depth of the incidents examined in this report provide a window into how breaches occur, which, despite their low complexity, can prove costly to businesses.

Last year, 15% of breaches involved third parties, including data custodians, third-party software vulnerabilities and other direct or indirect supply chain issues. This indicator, new for the 2024 DBIR, shows a 68% increase from the previous period described in the 2023 DBIR.

The human element remains the front door for cybercriminals

The majority of breaches (68%), whether or not they include third parties, involve non-malicious human factors, where someone made a mistake or fell victim to a social engineering attack. This ratio is roughly the same as last year. One potential countervailing force is improved reporting practices: 20% of users discovered and reported phishing during simulated campaigns, as did 11% of users who clicked on the email.


The persistence of the human element in breaches suggests there's still plenty of room for improvement in cybersecurity training, but the increase in self-reporting points to a change in culture that removes the stigma of human error and may help shed light on the importance of cybersecurity training.

Other key findings from this year’s report include:

  • 32% of breaches involved some type of ransomware technology, including ransomware
  • About a quarter (24% to 25%) of financially motivated incidents over the past two years involved pretexting
  • In the past 10 years, almost one-third (31%) of breaches involved the use of stolen credentials
  • Half of EMEA coverage is in-house
  • Espionage attacks continue to dominate Asia-Pacific

View the 2024 Data Breach Investigations Report (DBIR):

For more information on ways to help protect against zero-day vulnerabilities and other cyber threats, visit here.

Media contact: Carlos Arcila +1.908-202-0479 Carlos.Arcila@verizon.com

Nilesh Pritam +65 6248-6599 Nilesh.Pritam@sg.verizon.com

Sabrina Kepple +44 7391 065817 Sebrina.Kepple@verizon.com
