Verizon Business has released its 17th-annual Data Breach Investigations Report (DBIR), highlighting the 30,458 security incidents and 10,626 confirmed breaches in 2023, two times the number in 2020.
The report highlights a troubling rise in the exploitation of vulnerabilities as a gateway for cyber attacks.
Such breaches nearly tripled compared to the year before, constituting a significant 14% of all breaches.
Many of these attacks were largely driven by vulnerabilities in unpatched systems and devices, commonly known as zero-day vulnerabilities, created by ransomware actors.
The report specifically mentions the MOVEit software breach as a significant factor behind the increase in cyberattacks.
Initially impacting the education sector, the breach swiftly spread its tentacles into finance and later spread to finance and insurance industries.
In a prepared statement, Chris Novak, Sr. Director of Cybersecurity Consulting, Verizon Business said “In a possible relief to some anxieties, the rise of artificial intelligence (AI) was less of a culprit vs challenges in large-scale vulnerability management.
He further added, “While the adoption of artificial intelligence to gain access to valuable corporate assets is a concern on the horizon, a failure to patch basic vulnerabilities has threat actors not needing to advance their approach.”
Cybersecurity and Infrastructure Security Agency (CISA) reveals that it takes organizations about 55 days to fix half of their big security issues.
However, it only takes about five days for them to notice when many hackers are attacking the same problem online.
Last year, about 15% of online breaches were recorded from third-party vulnerabilities, and this year, the DBIR reported an increase of 68% compared to the previous period.
Craig Robinson, Research Vice President of Security Services at IDC said, “This year’s DBIR findings reflect the evolving landscape that today’s CISOs must navigate– balancing the need to address vulnerabilities quicker than ever before while investing in the continued employee education as it relates to ransomware and cybersecurity hygiene,”
“The breadth and depth of the incidents examined in this report provides a window into how breaches are occurring, and despite the low level of complexity, are still proving to be incredibly costly for enterprises.”
The other key findings from this year’s report are:
- 32% of breaches featured extortion tactics, such as ransomware.
- Over the last two years, approximately a quarter (24-25%) of financially motivated incidents involve pretexting.
- Stolen credentials were involved in nearly one-third (31%) of all breaches over the past decade.
- Internally-driven breaches constituted half of the incidents in the EMEA region.
- Espionage attacks remained prevalent in the APAC region.
The majority of breaches (68%), are either involved of a third party or non-malicious human element.
However, one good thing is that more people are getting better at recognizing and reporting phishing emails.
In practice tests, about 20% of people spotted and reported fake phishing emails, and even some of the people who fell for the fake emails reported them, too.
For more related news, follow ReliefWatch.
Add Comment