2024 Data Breach Investigations Report (DBIR) summary

May 2, 2024

The annual Verizon Data Breach Investigation Report is out, and along with it an accounting of the #cybersecurity compromise and data breach happenings for the past year. As always, it's filled with data analysis and some trending commentary from the previous DBIR report.

The following is a TL;DR summary generated using fabric by Daniel Miessler with some very minor editing.

SUMMARY:

This year, the 2024 DBIR reveals a significant rise in vulnerability exploitation and ransomware attacks, emphasizing the urgent need for enhanced cybersecurity measures.

TRENDS:

Vulnerability exploitation tripled from last year, driven by zero-day vulnerabilities.
Ransomware and extortion-related breaches accounted for 32% of all breaches.
Human error remains a significant factor, involved in 68% of breaches.
Third-party breaches increased by 68%, highlighting supply chain vulnerabilities.
Financially motivated attacks dominate, with ransomware and extortion leading the charge.
The median loss from #ransomware and extortion attacks was $46,000.
Phishing remains a critical initial attack vector, with a notable increase in reporting rates.
The use of stolen credentials and exploitation of vulnerabilities are top methods for system intrusion.
The #MOVEit vulnerability significantly impacted the threat landscape, affecting numerous industries, continuing the trend of “secure file transfer” systems being a significant risk to both company and customer data.
MOVEit and remote access (e.g. VPN) compromises are the focus of successful system-compromise attacks.

STATISTICS:

180% increase in attacks involving vulnerability exploitation.
Ransomware accounts for 23% of breaches, with pure extortion at 9%.
Human element involved in 68% of breaches.
15% of breaches involved third-party vulnerabilities.
Errors contributed to 28% of breaches.
Financial motives behind 92% of industries targeted by ransomware.
Median loss from ransomware/extortion attacks is $46,000.
20% of users reported phishing attempts in simulations.
Median time to click on a phishing email is 21 seconds.
Exploitation of vulnerabilities as the initial breach action doubled from last year.

QUOTES:

“Ransomware and extortion-related threats continue to evolve, posing significant risks across industries.”
“The human element remains a critical vulnerability in cybersecurity defenses.”
“Supply chain vulnerabilities are increasingly being exploited by attackers.”
“Misdelivery errors highlight the ongoing challenge of human error in data breaches.”
“Financially motivated attacks dominate the cyber threat landscape.”
“The MOVEit vulnerability has had a profound impact on the cybersecurity threat landscape.”
“Increased reporting rates for phishing attempts indicate growing awareness among users.”
“The rapid response to phishing emails underscores the need for continuous user education.”
“Stolen credentials and vulnerability exploitation remain preferred methods for attackers.”
“The rise in third-party breaches underscores the importance of vendor security assessments.”

RECOMMENDATIONS:

Implement multi-factor authentication to mitigate the risk of stolen credentials.
Regularly update and patch systems to protect against vulnerability exploitation.
Conduct continuous phishing awareness training for all employees.
Perform thorough security assessments of third-party vendors and suppliers.
Deploy endpoint detection and response solutions to identify and mitigate ransomware attacks.
Encourage the reporting of phishing attempts and provide clear reporting procedures.
Utilize web application firewalls to protect against basic web application attacks.
Establish robust data backup and recovery processes to minimize the impact of ransomware.
Monitor for unusual activity indicating the misuse of privileges by internal actors.