Vulnerability exploitation surged by nearly 3X in the last year
Source: Middle East Insurance Review | Jun 2024
The 17th annual Data Breach Investigations Report (DBIR) by Verizon has found that ransomware and the meteoric rise of extortion techniques accounted for a third (32%) of all breaches in the last year.
The report said that more than two-thirds (68%) of breaches involve a non-malicious human element and there was a spike of 14% over the year 2023. The report analysed 30,458 security incidents and 10,626 confirmed breaches in 2023 - a two-fold increase over 2022.
The exploitation of vulnerabilities as an initial point of entry almost tripled from the previous year, accounting for 14% of all breaches. This spike was driven primarily by the increasing frequency of attacks targeting vulnerabilities on unpatched systems and devices (zero-day vulnerabilities) by ransomware actors.
Verizon Business said the exploitation of zero-day vulnerabilities by ransomware actors remains a persistent threat to safeguarding enterprises. In a possible relief to some anxieties, the rise of AI was less of a culprit compared to challenges in large-scale vulnerability management.
While the adoption of AI to gain access to valuable corporate assets is a concern on the horizon, the failure to patch basic vulnerabilities means threat actors do not need to advance their approach.
This year’s DBIR findings reflect the evolving landscape that today’s CISOs must navigate - balancing the need to address vulnerabilities quicker than ever before while investing in continued employee education as it relates to ransomware and cyber security hygiene.
Last year, 15% of breaches involved a third party, including data custodians, third-party software vulnerabilities, and other direct or indirect supply chain issues. This metric shows a 68% increase from the previous period described in the 2023 DBIR.