Time to Take Action: Insights From the Verizon Data Breach Investigations Report 2024
Table Of Contents:
In its 2024 Data Breach Investigations Report, Verizon outlines the prevalence of three key pathways by which cyber criminals will attempt to access an organisation’s systems, network and critical data. The report identifies these as:
- Credentials
- Phishing
- Exploiting vulnerabilities.
Correlating with the effect of zero-day vulnerabilities like MOVEit, the exploitation of vulnerabilities saw substantial growth as the critical path to initiate a breach this year. In fact, it saw an increase of 180% compared to the 2023 report.
The report’s ‘ways-in’ analysis looks at the initial steps into breaches to help predict how to best avoid or prevent them.
How Does the Data Breach Investigations Report Help Organisations?
The DBIR report is based on data from data breaches and security incidents investigated by the Verizon Threat Research Advisory Centre (VTRAC) or provided by Verizon’s global contributors. This year’s report examined 30,458 incidents, of which 10,626 were confirmed data breaches – a record high – with victims spanning 94 countries.
With the report’s global scope and in-depth analysis of a record number of breaches, this year’s data offers vital insights into the key security threats your organisation may encounter. The report examines how the threat landscape is developing and provides focus areas to help you bolster your business’s information security and data privacy.
The Top 4 Attack Types Compromising Organisations in 2024
The Human Element
This year, Verizon has revised the calculation of the involvement of human error in breaches to exclude malicious privilege misuse, so the report’s human error category doesn’t include malicious insider threats alongside genuine mistakes. Despite this amendment, this year’s data shows the majority of breaches still involve human error. “For this year’s dataset, the human element was a component of 68% of breaches, roughly the same as the previous period described in the 2023 DBIR”.
The core human element of organisations continues to be manipulated by threat actors looking to breach businesses and access sensitive data.
Ransomware
Ransomware is a type of malicious software used by threat actors to block access to a computer system or data set until a sum of money is paid. In the 2024 report, ransomware (or some type of Extortion) was involved in just under a third (32%) of breaches, which demonstrates the importance of having stringent security controls in place to secure your networks, systems and reduce the risk of a successful ransomware attack. Ransomware also appears in 92% of industries as one of the top threats.
Errors
The 2024 dataset saw a growth of breaches involving Errors, now at 28%, as Verizon broadened its contributor base to include several new mandatory breach notification entities. Report authors state that “this validates our suspicion that errors are more prevalent than media or traditional incident response-driven bias would lead us to believe”.
Supply Chain
Data from our State of Information Security Report flagged that managing supply chain and third-party vendor risk was the top challenge for information security leaders, impacting nearly four in 10 (38%). This year’s DBIR supports this finding. The report includes a calculated supply chain interconnection influence in 15% of the breaches, a significant increase from 9% in 2023. This includes breaches where a business partner was the vector of entry for the breach, or physical breaches such as in a partner company facility.
Location Matters: How Your Region Influences Data Breach Patterns
Attack methods and breach types varied widely between geographic regions, which can help organisations decide where their resources are best placed.
APAC
According to the report, system intrusion, social engineering and basic web application attacks represent 95% of APAC breaches. Compared to the previous year, financial motives have increased significantly, making up 75% of motives compared to 61% in last year’s report. Espionage has decreased as a motive for attackers, going from 39% to 25%, but remains significantly higher than EMEA (6%) and North America (4%). Credentials make up a whopping 69% of compromised data in APAC.
EMEA
Attacks in the EMEA region are highly financially motivated, and this trend is continuing upward. This year, 94% of actor motives were financial compared to 91% in the 2023 report and 79% in the 2022 report. Miscellaneous errors, system intrusion and social engineering represent 87% of overall breaches, however it’s worth noting that large new contributor datasets and resultant data skewing have led to a substantial rise in the miscellaneous errors pattern.
Skewed data aside, system intrusion remains the top attack vector in EMEA after overtaking social engineering in 2023, showing the need for security controls to detect this type of attack as quickly as possible. Internal threats were significantly higher in EMEA than other regions, making up 49% of incidents as opposed to 2% in APAC and 8% in NA, aligning with the prevalence of social engineering attacks.
North America
While North America sees 97% of cyber attacks being financially motivated, this is a decrease from last year’s 99%, with espionage increasing from 1% to 4%. Personal data was the most compromised this year at 50%, compared to 38% in the 2023 report, and credential compromise decreased dramatically from 67% in 2023 to 26% in 2024. It’s clear that threat actors are aware of the potential financial gain from data breaches, often choosing to target personal data and a brand’s reputation with ransomware attacks.
System and network intrusion remains the top attack pattern, with social engineering close behind. Combined with basic web application attacks, these attack patterns represent 91% of breaches.
Stepping Up Security: How Businesses Can Safeguard Against Data Breaches
How can organisations protect themselves against data breaches? We identified three key areas for organisations to focus their efforts:
- Data Protection: It’s vital to implement appropriate processes and technical controls to identify, classify and securely handle organisational data. Information security management systems (ISMS) such as those aligned with ISO 27001 can help organisations implement these processes and controls to prevent accidental data leakage or mismanagement.
- Risk Management: Implementing a robust risk management methodology helps organisations maintain full oversight of their risk profile. Undertaking regular risk assessments at a schedule that aligns with a risk’s severity ensures existing risks are assessed and updated, while new risks are identified and treated.
- Security Awareness Training and Education: Human error remains the single biggest attack vector leveraged in data breaches in the last year. It’s key to ensure that staff, stakeholders and interested parties, including your suppliers, have the appropriate training and knowledge at their disposal to detect and report cyber threats so your organisation can identify and mitigate potential incidents and reduce the risk of breaches.
To read the 2024 Data Breach Investigations Report in full, visit: www.verizon.com
You can also access our handy infographic summarising the key takeaways from the 2024 report – download it here.