Verizon 2024 Data Breach Report reveals human element cybersecurity risks

May 4, 2024



TLDR:

Verizon Business released its 17th-annual Data Breach Investigations Report, highlighting the role of the human element in cyber threats. The report shows a significant increase in security incidents and breaches in 2023, with a focus on non-malicious human errors and social engineering. Key findings include a rise in vulnerability exploitation, extortion, and the use of stolen credentials. Security experts emphasize the need for a holistic approach to cybersecurity, including user education, vulnerability management, and AI integration.

Article Summary:

Verizon Business released its 17th-annual Data Breach Investigations Report (DBIR), highlighting the role that the human element plays in cyber threats. This report examined 30,458 security incidents as well as 10,626 verified breaches in 2023, representing a two-fold increase from 2022.

Out of the breaches analyzed, more than two-thirds (68%) included a non-malicious human element; in other words, these incidents involved insider errors or people falling for social engineering schemes. This percentage remains consistent with last year’s, suggesting that the human element remains a steady risk concern. Reporting practices improved, as 20% of individuals recognized and reported phishing in simulated exercises, and 11% of individuals who clicked a malicious email reported it.

Another notable finding from the report was the increase in vulnerability exploitation. Exploiting vulnerabilities as an initial entry point accounted for 14% of all breaches, representing a volume three times (180%) greater than 2023. According to the report, this increase was driven by zero-day vulnerabilities that ransomware actors leveraged.

Key findings from the report include:

- 32% of breaches included a form of extortion, including ransomware.
- Between 24% and 25% of financially motivated security events involved pretexting over the past two years.
- Over the last decade, 31% of breaches involved the use of stolen credentials.

Security experts weighed in on the report findings. Saeed Abbasi from Qualys emphasized the adaptive threat landscape and the importance of a dual approach to cybersecurity. Patrick Harr from SlashNext highlighted the shift towards human-centric security posture with the use of AI. Agnidipta Sarkar from ColorTokens stressed the need for microsegmentation for cyber defense. Nick Rago from Salt Security discussed the rise of supply chain attacks and the importance of API security. Dana Simberkoff from AvePoint emphasized the responsible use of AI and machine learning in cybersecurity.

The key takeaway from the experts is the need for a holistic approach to cybersecurity that includes user education, vulnerability management, and integration of AI and machine learning technologies to counter evolving cyber threats.

