2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element
The exploitation of vulnerabilities as an initial point of entry almost tripled from the previous year, accounting for 14% of all breaches, according to Verizon's 2024 Data Breach Investigations Report, which analyzed a record-high 30,458 security incidents and 10,626 confirmed breaches in 2023.
"This year's DBIR findings reflect the evolving landscape that today's CISOs must navigate - balancing the need to address vulnerabilities quicker than ever before while investing in the continued employee education as it relates to ransomware and cybersecurity hygiene," said Craig Robinson, Research VP, Security Services at IDC. "The breadth and depth of the incidents examined in this report provide a window into how breaches are occurring, and despite the low level of complexity are still proving to be incredibly costly for enterprises."
Last year, 15% of breaches involved a third party, including data custodians, third-party software vulnerabilities, and other direct or indirect supply chain issues.
68% of breaches, whether they include a third party or not, involve a non-malicious human element, which refers to a person making an error or falling prey to a social engineering attack.
"The persistence of the human element in breaches shows that there is still plenty of room for improvement with regard to cybersecurity training, but the increase in self-reporting indicates a culture change that destigmatizes human error and may serve to shine a light on the importance of cybersecurity awareness among the general workforce," Novak added.
"The Verizon 2024 Data Breach Investigations Report shows it's still the basic security errors putting organizations at risk, such as long windows between discovering and patching vulnerabilities, and employees being inadequately trained to identify scams. This needs to change as a priority because no business can afford to gamble or take chances with cyber hygiene. Just look at Change Healthcare, the breach was executed via an unsecured employee credential and the organization is now facing over a billion in losses. No other organisation wants to find itself in this position," William Wright, CEO of Closed Door Security, told Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/05/02/verizon-2024-data-breach-investigations-report-dbir/