• Verizon has published its annual Data Breach Investigations Report (DBIR)
• It reveals a ‘dramatic surge’ in data breaches globally
• The number of ransomware incidents continues to rise dramatically, despite a dip in average payouts
• And, of course, cybercriminals are putting AI to work, with bots being used to generate malicious messages
• The EMEA region has by far the highest rate of internal ‘threat actors’

The number of data breaches suffered by enterprises around the world continues to rise at an alarming pace, with ransomware playing an increasing role in cyberattacks even though the median sum paid to the perpetrators has gone down, according to the latest annual and extensive Data Breach Investigations Report (DBIR) published by Verizon Business, which runs to 117 pages. 

The business-to-business (B2B) service provider’s reports team analysed 22,000 security incidents that took place between 1 November 2023 to 31 October 2024, of which 12,195 were confirmed data breaches. In the previous year’s report, the DBIR analysed 30,458 security incidents of which 10,626 were confirmed breaches. 

For Verizon Business, an incident is a “security event that compromises the integrity, confidentiality or availability of an information asset,” while a data breach is an “incident that results in the confirmed disclosure – not just potential exposure – of data to an unauthorised party”. (To clarify the difference, the report authors note that a distributed DoS [DDoS] attack, for example, “is most often an incident rather than a breach since data is rarely exfiltrated”. The team adds, though, that such incidents are no less serious to the victims than actual data breaches.)

The DBIR team delves into a lot of different aspects related to enterprise digital security vulnerabilities and the report – which is written in a very reader-friendly style (it avoids the pomposity so often found in such tomes) – is well worth reading for any company looking for insights and guidance on what to consider with regards to security strategies. 

Some of the key takeaways from the report are:

• The abuse by cybercriminals of credentials, used in 22% of non-error/non-misuse incidents, remains the most common “access vector” (the method or path used to gain unauthorised access to a system or network), though the “exploitation of vulnerabilities” in system/network devices and virtual private networks (VPNs) was not far behind at 20%, while phishing featured as the attack vector in 16% of incidents. The report notes that the number of incidents where the “exploitation of vulnerabilities” was the initial attack vector increased by 34% from last year.  
• Ransomware (with or without encryption) featured in 44% of all data breaches, up from 32% in the previous year. But the median amount paid to ransomware groups has decreased from $150,000 last year to $115,000, while 64% of victim organisations didn’t pay the ransom (up from 50% two years ago). Cybercriminals clearly feel that smaller companies are more susceptible to being exploited – while ransomware was a component of 39% of breaches suffered by large organisations, it featured in 88% of small- and medium-sized business (SMB) breaches. 
• Third-party involvement in breaches has increased dramatically: According to the DBIR, the percentage of breaches involving external parties in partner ecosystems or supply chains doubled year on year. 
• Human involvement in breaches “remains high”, at 60% of the total, according to the report’s findings, though it’s also notable that cybercriminals are now increasingly using AI to do their work for them, with the number of incidents of synthetically generated text being used in malicious emails doubling over the past two years. 
• The inhouse human threat is much more prevalent in the EMEA region than elsewhere, it seems: Some 29% of breaches recorded in EMEA “originated from within the organisation, a stark contrast to APAC, where only 1% of threats are from internal actors, and North America, where internal threats account for just 5% of breaches,” according to Verizon Business. Sanjiv Gossain, group VP and head of EMEA at Verizon Business, noted: “The alarming rate of employee-driven breaches in EMEA underscores a critical need for businesses to strengthen their internal cybersecurity. Organisations must go beyond guarding against external threats and foster a culture of security awareness and accountability within,” he added.  
• State-backed international espionage plays a significant role in data breaches, accounting for 17% of the total, though many want money as well as data – 28% of state-sponsored incidents had a “financial motive”, according to the report. 

Verizon Business, of course, isn’t just sharing the report with the world because it’s a good egg – it’s keen to provide its security services and associated portfolio to the enterprise sector and position itself as a leading player in the managed security service sector. And, it should be noted, it is considered to be one of the leaders in the market, according to the likes of research house GlobalData.

Chris Novak, vice president of global cybersecurity solutions at Verizon Business, noted: “The DBIR’s findings underscore the importance of a multi-layered defence strategy. Businesses need to invest in robust security measures, including strong password policies, timely patching of vulnerabilities, and comprehensive security awareness training for employees,” he added. 

- Ray Le Maistre, Editorial Director, TelecomTV