Key lessons from the 2024 Verizon Data Investigations Report

The 2024 Verizon Breach Investigations Report reveals insights into the prevalence and type of cyberattacks facing organizations today. The most alarming statistic is that attacks involving the exploitation of vulnerabilities as the critical path to initiate a breach have increased by 180 per cent. That’s triple the number of breaches due to vulnerabilities since 2023. Ransomware and other extortion-related threat actors are most likely to exploit vulnerabilities as the critical path to initiate a breach. The main vector for those initial entry points was web applications. 

The report shows that the human element is still the largest component in data breaches (68 per cent, which is roughly the same as the 2023 period). Human errors have increased to 28 per cent, suggesting they are more prevalent than media or traditional incident response-driven bias would indicate. And, while threat actors remain the top catalyst for breaches at 65 per cent, internal actors have risen to 35 per cent, a significant increase from 20 per cent in 2023. According to Verizon’s data, 73 per cent of internal actor breaches were due to miscellaneous error patterns, which highlights the risk of human error. 

There hasn’t been a significant rise in the number of ransomware attacks compared to the previous year, but they remain one of the top threats in 92 per cent of industries because of the financial, regulatory, reputational, and operational risks they pose. The prevalence of ransomware is complemented by the growth of extortion attacks. When combined, ransomware and extortion attacks represent 32 per cent of breaches, while third parties account for 15 per cent.

Digging a bit deeper into how external threat actors are getting into systems and networks, phishing attacks remain the most common entry point for attacks (36 per cent), followed by vulnerabilities (21 per cent) and credentials (20 per cent).

The bottom line is clear: anything that adds to an organization’s attack surface on the internet can be targeted and potentially become the first foothold for an external threat actor, and human error remains a significant security risk from inside the organization.

Observability in multi-cloud environments

Organizations today increasingly rely on multi-cloud and hybrid environments to manage their data and operations. While this approach offers flexibility and scalability, it also introduces significant complexities in maintaining robust security postures. The old boundaries that once separated internal networks from external threats no longer exist.

As organizations adopt cloud and hybrid work models, their attack surfaces expand significantly. Traditional perimeter-based security models are insufficient in this context, as data and applications are no longer confined within a single, easily defensible network boundary. Data now resides in multiple cloud environments, accessed by users from various locations and devices. This expanded attack surface makes it imperative for IT teams to have a holistic view of their environments to detect and respond to threats swiftly.

Observability gives organizations comprehensive insights into their systems by collecting, analyzing, and acting on a continuous stream of data from various sources. 

Proven data collection, management, and logging solutions are central to observability. Logging captures detailed records of system activities, providing a trail of breadcrumbs that security teams can follow to detect unusual or suspicious behavior. In an environment where data is dispersed across different cloud platforms, logging solutions become the first line of defense in identifying potential security incidents. 

Logging helps pinpoint the exact moment and nature of any irregular activity. For instance, if there is an unexpected surge in data access requests or an unusual pattern of failed login attempts, logging tools can alert the IT team immediately. This near-real-time detection capability is vital in mitigating the risks associated with increasingly sophisticated cyberthreats. 
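The two signals named above, a burst of failed logins and a surge in data access requests, as an added example that is not from the original article or from Snare. It assumes events from several cloud sources have already been normalized into a hypothetical one-line format; the field names, thresholds and sample lines are constructed for illustration.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

def parse(line):
    """Parse 'timestamp source event key=value ...' (assumed normalized format, UTC)."""
    ts, source, event, *pairs = line.split()
    return {"ts": datetime.fromisoformat(ts), "source": source, "event": event,
            **dict(p.split("=", 1) for p in pairs)}

def failed_login_bursts(events, threshold=5, window=timedelta(minutes=2)):
    """Map user -> sources involved, for users with >= threshold failures inside the window."""
    recent, alerts = defaultdict(deque), {}
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["event"] != "login_failed":
            continue
        q = recent[e["user"]]
        q.append(e)
        while e["ts"] - q[0]["ts"] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and e["user"] not in alerts:
            alerts[e["user"]] = sorted({x["source"] for x in q})
    return alerts

def access_surges(events, factor=3, min_history=3):
    """List (user, minute, count) where count exceeds factor x the user's earlier per-minute mean."""
    counts = Counter((e["user"], e["ts"].replace(second=0))
                     for e in events if e["event"] == "data_access")
    history, surges = defaultdict(list), []
    for (user, minute), n in sorted(counts.items()):
        past = history[user]
        if len(past) >= min_history and n > factor * sum(past) / len(past):
            surges.append((user, minute.strftime("%H:%M"), n))
        else:
            past.append(n)  # only unflagged minutes feed the baseline
    return surges

# Constructed sample lines, not real data.
SAMPLE = (
    # bob: 6 failures in 50 s, alternating between two cloud sources
    [f"2024-06-01T09:00:{s:02d} {src} login_failed user=bob"
     for s, src in zip(range(0, 60, 10), ["cloud-a", "cloud-b"] * 3)]
    # alice: 2 failures six minutes apart, below the threshold
    + [f"2024-06-01T09:0{m}:00 cloud-a login_failed user=alice" for m in (1, 7)]
    # carol: 2 reads a minute for 4 minutes, then 12 reads in one minute
    + [f"2024-06-01T10:0{m}:{s:02d} cloud-b data_access user=carol"
       for m in range(4) for s in (5, 35)]
    + [f"2024-06-01T10:04:{s:02d} cloud-b data_access user=carol" for s in range(0, 60, 5)]
)
EVENTS = [parse(line) for line in SAMPLE]
```

Counting failures per source would miss the burst in the sample: each source sees only three of bob's failures, below the threshold of five, while the combined stream sees all six.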

Verizon’s latest Breach Investigations Report underscores the growing complexities in cybersecurity and the need for comprehensive security strategies. Given that phishing attacks, vulnerabilities, and credential-based breaches are prevalent entry points, IT teams must leverage advanced security solutions that provide continuous visibility and monitoring across all environments.

How Snare can help

Snare is your new security data engine with extensive data collection, orchestration, and data management solutions that enhance security and compliance cost-effectively. With Snare, organizations can collect security data from across the business using a vendor-agnostic security data engine that gives complete visibility and control over data, costs, and compliance.