2024 Data Breach Investigations Report: Half of the Breaches in EMEA are Internal
May 01 2024 - 12:01AM
Verizon Business today released the results of its 17th annual Data
Breach Investigations Report (DBIR), which analysed 8,302 security
incidents in Europe, the Middle East and Africa (EMEA), of which
6,005 (more than 72%) are confirmed breaches.
Virtually half of the breaches (49%) in EMEA are initiated
internally, suggesting high incidences of privilege misuse and
other human errors. Across EMEA, the top reasons for cybersecurity
incidents are miscellaneous errors, system intrusion, and social
engineering, which account for 87% of breaches. The most common
types of data compromised are personal (64%), internal (33%), and
credentials (20%).
The human element continues to be the front door for
cybercriminals
Most breaches globally (68%), whether they include a third party
or not, involve a non-malicious human action, which refers to a
person making an error or falling prey to a social engineering
attack. This percentage is about the same as last year. One
potential countervailing force is the improvement of reporting
practices: 20% of users identified and reported phishing in
simulation engagements, and 11% of users who clicked the email also
reported it.
“The persistence of the human element in breaches shows that
organisations in EMEA must continue to combat this trend by
prioritising training and raising awareness of cybersecurity best
practices. However, the increase in self-reporting is promising and
indicates a cultural shift in the importance of cybersecurity
awareness among the general workforce,” said Sanjiv Gossain, EMEA
Vice President, Verizon Business
Zero-day vulnerabilities remain a persistent threat to
enterprises
Globally, the exploitation of vulnerabilities as an initial
point of entry increased since last year, accounting for 14% of all
breaches. This spike was driven primarily by the scope and growing
frequency of zero-day exploits by ransomware actors, most notably
the MOVEit breach, a widespread exploitation of a zero-day
vulnerability.
“The exploitation of zero-day vulnerabilities by ransomware
actors remains a persistent threat to enterprises, due in no small
part to the interconnectedness of supply chains,” said Alistair
Neil, EMEA Senior Director of Security, Verizon Business “Last
year, 15% of breaches involved a third party, including data
custodians, third-party software vulnerabilities, and other direct
or indirect supply chain issues.”
Analysis of the Cybersecurity Infrastructure and Security Agency
(CISA) Known Exploited Vulnerabilities (KEV) catalogue revealed
that on average it takes organisations 55 days to remediate 50% of
critical vulnerabilities following the availability of patches.
Meanwhile, the median time for detecting the mass exploitations of
the CISA KEV on the internet is five days.
As a possible relief to some anxieties, the rise of artificial
intelligence (AI) was less of a culprit vs challenges in
large-scale vulnerability management. “While the adoption of
artificial intelligence to gain access to valuable corporate assets
is a concern on the horizon, a failure to patch basic
vulnerabilities has threat actors not needing to rapidly advance
their approach and focusing their use of AI on accelerating social
engineering,” Chris Novak, Sr. Director of Cybersecurity
Consulting, Verizon Business.
Additional key findings:
- About 32% of all breaches involved some type of extortion
technique, including ransomware.
- Over the past two years, roughly a quarter (between 24% and
25%) of financially motivated incidents involved pretexting.
- Over the past 10 years, the use of stolen credentials has
appeared in almost one-third (31%) of all breaches.
View the 2024 Data Breach Investigation Report here.
Click here for more information on ways to help defend
against zero-day vulnerabilities and other cyber threats.
You can also read the Global Press Release here.
About Verizon Verizon
Communications Inc. (NYSE, Nasdaq: VZ) was formed on June 30, 2000
and is one of the world’s leading providers of technology and
communications services. Headquartered in New York City and with a
presence around the world, Verizon generated revenues of $134.0
billion in 2023. The company offers data, video and voice services
and solutions on its award-winning networks and platforms,
delivering on customers’ demand for mobility, reliable network
connectivity, security and control.
VERIZON’S ONLINE MEDIA CENTER: News releases, stories, media
contacts and other resources are available at verizon.com/news.
News releases are also available through an RSS feed. To subscribe,
visit www.verizon.com/about/rss-feeds/.
Media contacts:Sebrina Kepple+44 7391
065817Sebrina.Kepple@verizon.com
Verizon Communications (NYSE:VZ)
Historical Stock Chart
From Apr 2024 to May 2024
Verizon Communications (NYSE:VZ)
Historical Stock Chart
From May 2023 to May 2024