
Verizon’s 2024 Data Breach Investigations Report: Key insights

10 May 2024

The 2024 Data Breach Investigations Report (DBIR) is out, providing an in-depth look at the latest trends in cybersecurity. This year’s findings reveal some critical insights: a significant increase in vulnerability exploitation, the continuing impact of ransomware and extortion tactics, the crucial role human error plays in breaches, and the rising threats from supply chain attacks. 

Take a look at these highlights to benchmark your security posture against wider industry standards.

Vulnerability Exploitation

  • Vulnerability exploitation has nearly tripled (180% increase).
  • Main entry point: Web applications.
  • Average time to remediate 50% of critical vulnerabilities: 55 days.

Continuous security validation is crucial when new critical vulnerabilities inevitably emerge, giving you a better chance to reduce or eliminate their impact.

The Impact of Ransomware and Extortion Techniques

  • A third of all breaches involved ransomware or some extortion technique.
  • Ransomware affects 92% of industries but is down to 23% of cases.
  • The ransom demanded depends on company revenue, averaging 1.34% of revenue.
  • Median loss from these attacks: $46,000, with almost all ranging between $3 and $1,141,467.

Pure extortion (with no encryption), rare in 2022, is gaining frequency. Moving to a Continuous Threat Exposure Management (CTEM) strategy helps to validate whether these extortion techniques can be successfully executed in your environment.

The Human Factor

  • Human error is involved in 68% of breaches.
  • Median time to click a phishing link: 21 seconds.
  • Median time to enter data post-click: 28 seconds.
  • Median time to fall for a phishing email: over 60 seconds.

Knowing where human fallibility occurs allows you to focus on security processes that will minimize its impact.

Supply Chain and Internal Threats

  • Supply chain attacks are up by 68% from last year, accounting for 15% of breaches.
  • External malicious actors account for 65% of incidents.
  • Internal threat incidents account for 35%.

The increase over previous years signals a pressing need for monitoring third-party tools and validating access privileges.

Adopting Effective Security Strategies

The DBIR findings highlight the urgent need for stronger cybersecurity measures. Traditional defenses do not suffice against a growing and increasingly complex threat landscape. Based on the report’s findings, organizations would do well to adopt continuous security validation, employee training, and rigorous third-party monitoring.

For more industry statistics on how security leaders in enterprises across the globe are managing their pentesting programs, see the full Pentera State of Pentesting Report 2024.
