May 2, 2024 at 10:03AM
Verizon’s 2024 Data Breach Investigations Report reveals a doubling of security incidents and confirmed breaches compared to the previous year. Exploitation of vulnerabilities as an initial breach point has surged by 180%, partly due to MOVEit and zero-day attacks. Additionally, the report emphasizes the need for faster response to critical vulnerabilities and highlights the rise in breaches involving a non-malicious human element.
From the meeting notes, I have compiled the following key takeaways:
1. The 2024 Data Breach Investigations Report (DBIR) by Verizon analyzed over 30,000 security incidents and 10,000 confirmed data breaches.
2. The number of incidents and confirmed breaches has doubled compared to the previous year.
3. Exploitation of vulnerabilities as an initial point of entry in breaches saw a 180% increase, partly due to MOVEit attacks and other zero-day exploits by ransomware groups.
4. Organizations take an average of 55 days to address 50% of critical vulnerabilities after patches become available.
5. Users are becoming better at identifying phishing attempts, but the median time for a user to fall for a phishing email is less than 60 seconds.
6. 68% of all breaches involved a non-malicious human element, such as falling victim to social engineering attacks or making an error.
7. One-third of the breaches involved ransomware or other extortion techniques.
8. Pure extortion attacks now constitute 9% of all breaches, with ransomware as a top threat across 92% of industries.
The full Verizon DBIR 2024 report is available in PDF format for further reference.