
Key Insights From The 2024 Verizon Data Breach Investigations Report

By: Arooj Anwar Cyber Security | 3 October

The 17th annual Verizon Data Breach Investigations Report (DBIR) is out, and it's filled with useful insights on cybersecurity. With data from over 30,000 incidents and 10,000 confirmed breaches, this report gives a detailed look at today’s threat landscape. There is no need to sift through the lengthy report yourself: we’ve broken down the key takeaways to make it easy for you to understand the major trends and how they might impact your organization. For the rest of this blog post, we'll use the abbreviation "DBIR" to refer to the Verizon Data Breach Investigations Report.

What’s new in the 2024 DBIR?  

This year’s DBIR analyzes a staggering 30,458 security incidents that occurred between November 1, 2022, and October 31, 2023. Out of these incidents, a record-breaking 10,626 confirmed data breaches were studied, double the number from last year’s report. These breaches impacted organizations across 94 countries, giving us a global perspective on the current cybersecurity landscape. 

But what exactly is a “breach”? Verizon defines it as an incident where data is disclosed to an unauthorized party. This distinction ensures we’re looking at cases where data was actually compromised.  

Key findings  

With this context in mind, let's explore the key findings from the 2024 DBIR. This year’s report sheds light on several critical trends and insights: 

The top 3 ways hackers break in 

The top three ways hackers gain access haven’t changed much from last year, though the numbers have shifted a bit: 

  • Credential theft was involved in 38% of breaches, which is a slight drop from last year. 
  • Phishing remains a consistent threat, accounting for 15% of breaches, similar to last year. 
  • Exploited vulnerabilities have seen a huge increase, now responsible for 14% of breaches, up 180% from last year. This big jump is mainly due to new zero-day exploits, with web applications being the most common target.  

68% of breaches involve human error  

One of the biggest takeaways from the report is that 68% of breaches involve human error. This means most breaches occur because someone makes a mistake or falls for social engineering scams. For example, it takes just 21 seconds for someone to click on a phishing link and 28 seconds to enter sensitive information on a phishing site. These quick actions highlight the critical need for ongoing cybersecurity training and awareness. 

Additionally, it’s important to note that errors contributed to 28% of all breaches. This highlights the need for organizations to implement robust error prevention strategies and continually reinforce security best practices among employees. 

The good news is that more people now recognize and report phishing attempts. The report shows that over 20% of users are spotting and reporting phishing emails, including 11% of those who clicked on the emails. This increase likely comes from effective security awareness training, which helps people recognize these malicious emails better. 

Ransomware is a top threat for 92% of all industries 

Ransomware continues to be a major threat, with 62% of financially motivated incidents involving either ransomware or extortion. The average loss per breach is a staggering $46,000. These attacks are getting more sophisticated, often mixed with other methods, making them tougher to defend against.  

Even more concerning is the rise in attacks that take advantage of security vulnerabilities. In 14% of breaches, vulnerabilities were the way in, nearly three times higher than last year. This increase is largely due to zero-day vulnerabilities being quickly exploited by cybercriminals, stressing the importance of fast patching and fixing security flaws. 

Supply chain attacks are on the rise  

For the first time, the DBIR has singled out supply chain attacks as their own category, making up 15% of all breaches. That’s a 68% increase from last year. These attacks can come from compromised business partners, hacked software updates, or weaknesses in third-party tools. This big jump highlights the importance of strong vendor and third-party risk management. 

It takes 5 days to detect and 55 days to remediate 

Managing vulnerabilities quickly is key to reducing the risk of breaches. The DBIR shows that it takes 5 days to detect and about 55 days to fix 50% of vulnerabilities after patches are made available. This delay leaves organizations vulnerable to attacks. That’s why fast patching and regular vulnerability scanning are so important to close the window of opportunity for attackers. 

For small businesses, three things can help: using automated tools to handle patches, outsourcing to security providers, and focusing on the most critical systems, especially those exposed to the internet or handling sensitive data. If patching everything feels overwhelming, prioritizing these key areas reduces the biggest risks.
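To compare your own patching against the "55 days to fix 50%" figure and to order the backlog the way the paragraph above suggests, the following added example (not code from the DBIR or from CyberPilot) computes the remediation half-life from a findings export and builds a patch queue. The asset names, dates and field names are constructed, and ranking by the two exposure flags and then by age is an assumption of this example.

```python
from collections import namedtuple
from datetime import date
from math import ceil

Finding = namedtuple("Finding", "asset patch fixed internet sensitive")

# Constructed sample data (hypothetical assets and dates); fixed=None means still open.
FINDINGS = [
    Finding("web-01", date(2024, 6, 1), date(2024, 6, 11), True, False),
    Finding("web-02", date(2024, 6, 1), date(2024, 7, 1), True, True),
    Finding("db-01", date(2024, 6, 10), date(2024, 8, 19), False, True),
    Finding("hr-01", date(2024, 7, 1), date(2024, 7, 21), False, True),
    Finding("vpn-01", date(2024, 7, 15), None, True, False),
    Finding("file-01", date(2024, 8, 1), None, False, True),
    Finding("lab-01", date(2024, 5, 1), None, False, False),
    Finding("crm-01", date(2024, 8, 20), None, True, True),
]
AS_OF = date(2024, 10, 3)  # constructed reporting date


def half_life(findings, include_open=True):
    """Days after patch availability by which 50% of findings were fixed.

    With include_open=True, open findings stay in the denominator, so the
    result is None until at least half of everything is actually fixed.
    """
    closed = sorted((f.fixed - f.patch).days for f in findings if f.fixed)
    total = len(findings) if include_open else len(closed)
    needed = ceil(total / 2)
    if needed == 0 or len(closed) < needed:
        return None
    return closed[needed - 1]


def patch_queue(findings, as_of):
    """Open findings: internet-exposed / sensitive-data systems first, then oldest."""
    backlog = [f for f in findings if f.fixed is None]
    backlog.sort(key=lambda f: (-(f.internet + f.sensitive), -(as_of - f.patch).days))
    return [(f.asset, (as_of - f.patch).days) for f in backlog]


if __name__ == "__main__":
    print("half-life, closed findings only:", half_life(FINDINGS, include_open=False))
    print("half-life, open findings counted:", half_life(FINDINGS))
    print("patch queue:", patch_queue(FINDINGS, AS_OF))
```

On the sample data, measuring only closed tickets gives a much shorter half-life than counting the open backlog, which is why the open findings are kept in the denominator.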

92% of breaches are financially motivated  

Financial motives still drive most breaches, accounting for 92% of incidents. However, there’s been a small rise in espionage-related breaches, going from 5% to 7%. While the increase may seem minor, it’s especially important for industries dealing with sensitive intellectual property or government contracts, where espionage poses a serious threat. 

Personal data is the most common target in breaches 

The report reveals that personal data is the most common target in breaches, accounting for almost 60% of cases. There’s also a worrying increase in the exposure of sensitive personal information compared to last year. This makes it clear that implementing robust data encryption, strict access controls, and privacy protections is crucial for safeguarding sensitive information from unauthorized access. 

Industry-specific threats 

Different industries face unique threats, but no sector is safe. Here’s a look at the most affected areas: 

  • Hospitality and food service: Social engineering attacks have surged, making up 25% of incidents. 
  • Education: Extortion and human error are major threats, with 1,537 confirmed breaches out of 1,780 incidents. 
  • Finance and insurance: Complex attacks are increasing, with 1,115 breaches from 3,348 incidents. 
  • Healthcare: Insider threats are up, and personal data is a prime target, accounting for nearly 60% of breaches. 
  • Manufacturing: There’s been a rise in breaches, especially from malware and stolen credentials. 
  • Retail: The focus of attacks has shifted from payment information to stolen credentials. 

How to stay ahead of threats 

To keep up with the changing threat landscape, Verizon’s DBIR offers some essential tips for boosting your cybersecurity: 

  • Ongoing training: Regular awareness training helps reduce mistakes that can lead to breaches. 
  • Phishing simulations: Run real-time phishing tests to improve employee awareness and response. 
  • System updates: Frequently update and patch systems to guard against known vulnerabilities. 
  • Partner security: Check that your partners follow strong security practices to prevent supply chain attacks. Monitor and manage the security of all third parties. 

Final thoughts 

In summary, the 2024 Verizon DBIR highlights the current cybersecurity landscape, showing that human error, ransomware, and supply chain attacks are top concerns. To tackle these issues, building a strong security culture is essential. 

At CyberPilot we help you do just that. Our awareness training and phishing training are designed to integrate cybersecurity into your team’s daily habits. Plus, we offer free resources to kickstart your efforts, including downloadable posters, a podcast with expert cybersecurity tips, and free GDPR and cybersecurity templates.  

Explore our free resources or reach out to see how we can support your cybersecurity journey. Feel free to book a quick chat with us to learn more.