6 key takeaways from the Verizon DBIR Report 2024

Verizon released its 17th edition of the Data Breach Investigations Report, covering over 94 countries! This year’s report focused on how the attackers have gained entry, the techniques deployed by them, and the industrial and regional impact of data breaches. It is an outcome of analysis of more than 30,458 incidents, out of which 10,626 confirmed cases of data breaches. In this edition of the Journal, we will look at some of the key findings in this report.?

Takeaway 1: Zero-day exploits are at peak

• Zero-day exploits topped among the biggest cybersecurity challenges for businesses globally.?
• There has been a 180% increase in the?exploitation?of vulnerabilities and zero-day exploits from 2023.?
• 90% of attackers relied on exploited vulnerabilities, 80% on backdoor exploits, 75% on extortion, and less than 40% on stolen credentials, password dumpers, ransomware, export data, and other methods.?

Takeaway 2: There is a quick rise in the threat of ransomware

• Web applications are the most preferred entry point for ransomware attacks.?
• 32% of data breaches were orchestrated using ransomware attacks??
• Ransomware forms one-third of all data breaches.?
• 92% of industries were impacted by ransomware.?

Takeaway 3: Human error continues to be attackers’ favorite vector

• 68% of data breaches occur due to human errors??

• Only 20% of the users reported phishing in a simulated attack?
• Users took only 21 seconds to click on a malicious link and 28 seconds to input their data to a malicious website?
• Businesses need to build a cybersecurity culture and raise awareness of security?
• It takes 55 days on average for organizations to remediate 50% of critical vulnerabilities whose patches have already been released?
• Quality control and periodical testing for quicker patch management are a must??

Takeaway 4: Increased businesses at risk of breach due to Third party risk exposure?

• 15% of data breaches were due to third-party/vendor risk exposure??
• Businesses need to strengthen risk evaluation of third parties?
• Businesses?must strengthen vendor/third-party security policies??
• Periodical?security assessments must be mandated to reduce the risk of data breach?

[Dive deeper into the essential findings of the Verizon DBIR 2024]

Takeaway 5: Industrial impact

• The most common motive for attacks was financial??
• 70% of healthcare attacks were orchestrated by internal threat actors?

• The most commonly used techniques and attacks include – System intrusion, Exploitation of miscellaneous vulnerabilities and social engineering?
• Data stolen across industries varied with the most common data stolen being personal data?

Takeaway 6:? Regional impact of data breaches?

• 95% of breaches in the APAC were caused by system intrusion, social engineering, and web application attacks?
• 87% of data breaches in the EMEA region were caused due to system intrusion, web application attacks, social engineering,? and miscellaneous errors?
• Attackers used? basic web application attacks and social engineering attacks in 91% of attacks in the NA region?
• 49% (almost half) of the data breaches in the EMEA region were orchestrated by internal threat actors?
• A majority of attacks in the APAC region were with a motive to carry out espionage

We dive deep into the insightful?takeaways of the 2024 Verizon Data Breach Investigation Report including, how the attackers gained entry, techniques deployed by them, and the regional impact of breaches on businesses across industries. ?