The Verizon Business 17th annual Data Breach Investigations Report (DBIR), which analyzed more than 30,000 security incidents and more than 10,000 confirmed breaches globally, found that vulnerability exploitation escalated by nearly three times (180%) last year compared with the previous period.
Attacks targeting vulnerabilities on unpatched systems and devices (zero-day vulnerabilities) now account for 14% of all breaches, the report shows.
One of the most notable drivers of these attacks was the MOVEit software breach, a supply-chain attack that exploited a vulnerability in an organization’s file transfer app.
According to the Cybersecurity Infrastructure and Security Agency (CISA), it takes organizations an average of 55 days to remediate half of critical vulnerabilities following the availability of patches, while the median time for detecting this type of mass attack is five days.
Verizon noted that the spread of artificial intelligence (AI) was less of a factor in the security incidents examined by the Verizon report than were challenges in large-scale vulnerability management.
“While the adoption of artificial intelligence to gain access to valuable corporate assets is a concern on the horizon, a failure to patch basic vulnerabilities has threat actors not needing to advance their approach,” said Chris Novak, Verizon Business senior director of cybersecurity consulting, in a prepared statement about the data breach report. “The exploitation of zero-day vulnerabilities by ransomware actors remains a persistent threat to safeguarding enterprises.”
A third party was involved in 15% of breaches last year. This is a new metric for the Verizon report, which found that this type of breach had increased 68%. Third parties include data custodians, third-party software, and other direct or indirect supply chain participants.
Other key findings from this year’s report:
- 32% of all breaches involved some type of extortion technique, including ransomware.
- Over the past two years, roughly one-quarter (between 24% and 25%) of financially motivated incidents involved pretexting.
- Over the past 10 years, the use of stolen credentials has appeared in almost one-third (31%) of all breaches.
Additionally, most cybersecurity breaches (68%) involve a non-malicious human element, meaning someone made a human error or fell for a social engineering attack.
