Cybersecurity threats are on the rise: What to know so you can address them

Arguably the most important responsibility technology decision-makers face is having the right cybersecurity architecture in place, especially with the potential for massive reputational and financial impacts. A 2024 survey of IT leaders revealed that 70% anticipate their involvement in cybersecurity will increase in the next year. We know that it’s a growing concern for organizations and agencies globally—and with good reason. One evaluation estimates that global cybercrime costs will reach $13.8 trillion USD by 2028.

That’s why for 17 years, Verizon has produced its annual Data Breach Investigations Report (DBIR). The 2024 edition analyzes more than 30,000 real-world security incidents and more than 10,000 data breaches across 94 countries, providing actionable insights leaders can use to keep their companies safe.

Verizon Business is a global leader in cybersecurity, having just been named a leader in the IDC Worldwide Cybersecurity Consulting Services Vendor Assessment. The unique position—a key differentiator—is the Verizon network. While we serve millions of consumers and 99% of the Fortune 500, our network and the massive amounts of data that flows through it allows us to have global visibility on cyberthreats and where threat actors are focusing their efforts.

The 2024 DBIR and its findings back the trends and threats we protect our customers from 24/7.

Among this year’s findings:

The exploitation of vulnerabilities as an initial access step for a breach has almost tripled since last year, up approximately 180%. It now accounts for 14% of breaches, fueled, in part, by the exploitation of the MOVEit vulnerability and several other zero-day exploits.

It can take organizations around 55 days to remediate 50% of critical vulnerabilities after patches are available, yet threat actors typically begin scanning for vulnerable targets within five days.

Over the past 10 years, the use of stolen credentials has played a role in almost one-third (31%) of all breaches.

The DBIR points to human error as a big catalyst for most cyber incidents, with more than two-thirds (68%) of breaches involving a non-malicious human element. These breaches were caused by a person who either fell victim to a social engineering attack or made some type of error. In fact, phishing accounted for 15% of breach access methods. This is not terribly surprising when you consider the median time for users to fall for phishing emails is less than 60 seconds—that’s like watching a YouTube short.

The good news is that according to this year’s data, reporting practices within businesses have been steadily increasing year-over-year, with 20% of users identifying and reporting phishing in simulation engagements. It’s encouraging progress, but there’s more work to be done.

We also found that 15% of breaches involved a third party, including data custodians or third-party hosting providers, and direct or indirect software supply chain issues.

Interestingly, traditional ransomware declined slightly to 23%. However, we see a clear trend of some of those actors moving to pure extortion-based attacks, and roughly one-third (32%) of all breaches involved some type of extortion technique.

The DBIR serves as a reminder that cybersecurity has to be the top priority for businesses. Downtime equals lost revenue and reputational damage that can last for years. Managing 4,200+ networks globally, processing 34 trillion raw logs annually, and with nine security operation centers (SOCs) globally, Verizon Business has the people, solutions and expertise to help the business community thwart bad actors.

With the rapid pace of change across the technology landscape and rising threats, companies must prioritize a culture of cyber awareness that encourages and equips employees with the knowledge and resources needed to combat security threats. Additionally, companies must consider how the following fit within their cybersecurity programs:

• Extended visibility and telemetry

• Breach simulations and tabletop exercises

• Incident response surge support

• Cyber threat intelligence

• Cyber risk quantification

• Vulnerability and patch management

• Responsible AI governance

Having a trusted partner to support in this work makes a difference. To connect with a member of the Verizon Business cybersecurity team, click here.

To access more findings, download the 2024 Data Breach Investigations Report, here.