What To Do About Increased Attacks And Cybersecurity Vulnerabilities

Verizon has issued an annual Data Breach Investigations Report since 2007. This year’s report analyzed more than 30,000 security incidents in 94 countries and found a record high of more than 10,000 confirmed data breaches. The three most common vectors for breaches were unauthorized uses of web application credentials, email phishing, and exploitation of cybersecurity vulnerabilities in web applications.

CSO gleans five main takeaways from the Report: 

• A 180 percent increase in attacks that exploit vulnerabilities. Most but not all of the increase was driven by mass exploitation of the MOVEit zero-day vulnerability (and similar ones). The entry point was usually web applications.
• Ransom gangs and other extortionists were the primary attackers. Analysis revealed that many companies patch cybersecurity vulnerabilities far too slowly, 55 days to fix half of them on average, to stay ahead of bad actors, who can perform large-scale scans for those same vulnerabilities in five days.
• The growing threat of ransomware and extortion is a top threat in 92 percent of industries. The average cost of attacks is also up, which illustrates what CSO calls “a cybersecurity truism, that ransomware is a business for cybercriminals and financially motivated threat actors invariably utilize attack techniques providing the best return on investment.”
• About two-thirds of breaches, roughly the same as the previous year, involve innocent mistakes by employees. There is plenty of room for security awareness to reduce the impact of data breaches.
• Unintended errors that lead to incidents include misconfigurations, clicking on links, and sending out information or unencrypted data that falls into the wrong hands.
• In 2023, 20 percent of people correctly identified phishing in simulation engagements. This continues an upward trend noticeable for the past few years, a sign that education and awareness training works.