Verizon data breach report highlights human element risks

Verdict· Burdun Iliya via Shutterstock.
GlobalData Technology
2 min read
0
In this article:

The 2024 Verizon Data Breach Investigations Report (DBIR) lays the threat landscape bare, pointing to a huge increase in vulnerability exploitations – up 180% versus the prior year.

Some 14% of all breaches involved the exploitation of vulnerabilities, with Verizon assigning responsibility for this to the targeting of unpatched systems and zero day vulnerabilities. Verizon noted threat actors used MOVEit and other zero day exploits to launch their ransom demands.

Credential theft is a significant factor in breaches, resulting in 38% of all incidents. Phishing is another route into the enterprise, being associated with 15% of all breaches. The most frequently used entry point for phishing is Web applications, followed by email.

The report, which analyses 20,358 security incidents and 10,626 confirmed breaches offered by third-party contributors including the US Secret Service and dozens of other organizations and companies; publicly-known data breaches; and security events mitigated by its own Verizon Threat Research Advisory Center (VTRAC), emphasised the critical role the human element plays in introducing risk into the equation.

Verizon: human element involved in nearly 70% of breaches

Nearly 70% of all breaches involve a staff member, contractor, or partner who, with no ill intent, contributed to an incident. To this end, the DBIR noted that just under one-third of all security incidents incorporate an extortion technique.

At least 24% of all profit-driven breaches over the last two years applied pretexting, the use of fictional narratives to win the targets' trust to get them to offer up sensitive information, transfer money, or in some other way hurt the victim or their organization.

Preying on a target’s trust is not a new technique. Over the last ten years, credential theft is associated with 31% of all incidents, and techniques like pretexting are a prime way to capture these keys to unlock other data. The issue is that the frequency and severity of incidents involving the human element are escalating.

While most enterprises of any significant size conduct end user awareness training, this exercise tends to be an annual activity rather than an ongoing program.

It seems a more effective path forward would be to create engaging and accurate cybersecurity educational content. This should be delivered throughout the year, not just as a one-off check-the-box training-to-the-test.

"Verizon data breach report highlights human element risks" was originally created and published by Verdict, a GlobalData owned brand.


 


The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site.

Advertisement

Recommended Stories

  • Meta identifies networks pushing deceptive content likely generated by AI

    Meta said on Wednesday it had found "likely AI-generated" content used deceptively on its Facebook and Instagram platforms, including comments praising Israel's handling of the war in Gaza published below posts from global news organizations and U.S. lawmakers. It attributed the campaign to Tel Aviv-based political marketing firm STOIC. STOIC did not immediately respond to a request for comment on the allegations.

  • Solana Validators to Get More SOL as Fee Proposal Passes in Favor

    Over 77% of Solana governance participants voted in favor of giving validators the full priority fee amount per transaction.

  • I’ve read over 100 AI requests for proposals from major companies. Here’s the matrix of guardrails and obligations that is emerging

    Forward-thinking companies are getting proactive—and establishing their own guardrails without waiting for regulation.

  • A secure foundation? Cybersecurity in the construction industry

    A 2024 GlobalData poll revealed that 73% of respondents said cybersecurity was either already disrupting their industry or would do so in the next 12 months.

  • OpenAI signs content deals with The Atlantic and Vox Media

    The agreements with The Atlantic and Vox Media come on the heels of several media firms signing similar deals, giving OpenAI access to their news content and archives to train its large language models. Such partnerships are not only crucial for the training of AI models, they can also be lucrative for news publishers, which have traditionally been denied a slice of profits internet giants earn for distributing their content. Last week, OpenAI signed a deal with media conglomerate and the Wall Street Journal-owner News Corp.

  • AI Stocks: Tech Giants, Cloud Titans, Chipmakers Battle For An Edge

    Nvidia shares have jumped 130% in 2024 after surging 239% last year. NVDA stock hit a new high on reports Elon Musk will use its AI chips for a new supercomputer.

  • Top EU data regulator says tech giants working closely on AI compliance

    The world's leading internet firms are engaging extensively with regulators in the European Union to ensure their artificial-intelligence products do not fall foul of the bloc's strict data protection rules, Ireland's powerful data regulator said. Ireland's Data Protection Commission, lead EU regulator for Alphabet's Google, Meta, Microsoft, TikTok and OpenAI, among others, said that its broad powers had not yet been tested on AI and it could in future force changes to business models to ensure data privacy is protected. AI creates a number of potential issues for data privacy, the two top officials at Ireland's Data Protection Commission said in an interview on Tuesday.

  • The Future of AI Is Decentralized

    With AI, centralization doesn’t work on any level: technical, philosophical, ethical, or market, says Alex Goh, founder and chairman of EMC.

  • Denmark has the solution to America's broken housing market

    In a cruel twist, millions of Americans are trapped in their homes by low mortgage rates. Denmark's housing market offers a tantalizing alternative.

  • 3 Dividend Kings To Buy For A Lifetime Of Reliable Income

    Investors looking for high-quality dividend stocks can consider the Dividend Kings, a collection of 48 businesses that have raised their payouts for at least 50 years. Because these stocks weather recessions well, retirees find them especially ...