New Report Says Vulnerability Exploitation Boom Threatens Cybersecurity

Verizon Business recently released the findings of its 17th-annual Data Breach Investigations Report (DBIR), which analyzed a record-high 30,458 security incidents and 10,626 confirmed breaches in 2023—a two-fold increase over 2022. The exploitation of vulnerabilities as an initial point of entry almost tripled from the previous year, accounting for 14% of all breaches. This spike was driven primarily by the increasing frequency of attacks targeting vulnerabilities on unpatched systems and devices (zero-day vulnerabilities) by ransomware actors. The MOVEit software breach was one of the largest drivers of these cyberattacks, first in the education sector and later spreading to finance and insurance industries.

“The exploitation of zero-day vulnerabilities by ransomware actors remains a persistent threat to safeguarding enterprises,” said Chris Novak, Sr. Director of Cybersecurity Consulting, Verizon Business.

In a possible relief to some anxieties, the rise of artificial intelligence (AI) was less of a culprit vs challenges in large-scale vulnerability management. “While the adoption of artificial intelligence to gain access to valuable corporate assets is a concern on the horizon, a failure to patch basic vulnerabilities has threat actors not needing to advance their approach,” Novak said.

Analysis of the Cybersecurity Infrastructure and Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog revealed that on average it takes organizations 55 days to remediate 50% of critical vulnerabilities following the availability of patches. Meanwhile, the median time for detecting the mass exploitations of the CISA KEV on the internet is five days.

“This year’s DBIR findings reflect the evolving landscape that today’s CISO’s must navigate-- balancing the need to address vulnerabilities quicker than ever before while investing in the continued employee education as it relates to ransomware and cybersecurity hygiene,” said Craig Robinson, Research Vice President, Security Services at IDC. “The breadth and depth of the incidents examined in this report provides a window into how breaches are occurring, and despite the low-level of complexity are still proving to be incredibly costly for enterprises.”

Last year, 15% of breaches involved a third party, including data custodians, third-party software vulnerabilities, and other direct or indirect supply chain issues. This metric—new for the 2024 DBIR— shows a 68% increase from the previous period described in the 2023 DBIR.

The human element continues to be the front door for cybercriminals

Most breaches (68%), whether they include a third party or not, involve a non-malicious human element, which refers to a person making an error or falling prey to a social engineering attack. This percentage is about the same as last year. One potential countervailing force is the improvement of reporting practices: 20% of users identified and reported phishing in simulation engagements, and 11% of users who clicked the email also reported it.

“The persistence of the human element in breaches shows that there is still plenty of room for improvement with regard to cybersecurity training, but the increase in self-reporting indicates a culture change that destigmatizes human error and may serve to shine a light on the importance of cybersecurity awareness among the general workforce,” Novak added.

Other key findings from this year’s report include:

  • 32% of all breaches involved some type of extortion technique, including ransomware
  • Over the past two years, roughly a quarter (between 24% and 25%) of financially motivated incidents involved pretexting
  • Over the past 10 years, the Use of stolen credentials has appeared in almost one-third (31%) of all breaches
  • Half of the reaches in EMEA are internal
  • Espionage attacks continue to dominate in APAC region

View the 2024 Data Breach Investigation Report (DBIR) here.

Featured

  • The Future is Happening Outside the Cloud

    For years, the cloud has captivated the physical security industry. And for good reason. Remote access, elastic scalability and simplified maintenance reshaped how we think about deploying and managing systems. But as the number of cameras grows and resolutions push from HD to 4K and beyond, the cloud’s limits are becoming unavoidable. Bandwidth bottlenecks. Latency lags. Rising storage costs. These are not abstract concerns. Read Now

  • The Impact of Convergence Between IT and Physical Security

    For years, the worlds of physical security and information technology (IT) remained separate. While they shared common goals and interests, they often worked in silos. Read Now

  • Unlocking Trustworthy AI: Building Transparency in Security Governance

    In situations where AI supports important security tasks like leading investigations and detecting threats and anomalies, transparency is essential. When an incident occurs, investigators must trace the logic behind each automated response to confirm its validity or spot errors. Demanding interpretable AI turns opaque “black boxes” into accountable partners that enhance, rather than compromise, organizational defense. Read Now

  • Seeking Innovative Solutions

    Denial, Anger, Bargaining, Depression and Acceptance. You may recognize these terms as the “5 Phases” of a grieving process, but they could easily describe the phases one goes through before adopting any new or emerging innovation or technology, especially in a highly risk-averse industry like security. However, the desire for convenience in all aspects of modern life is finally beginning to turn the tide from old school hardware as the go-to towards more user-friendly, yet still secure, door solutions. Read Now

  • Where AI Meets Human Judgment

    Artificial intelligence is everywhere these days. It is driving business growth, shaping consumer experiences, and showing up in places most of us never imagined just a few years ago. Read Now

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.