How AI can help safeguard businesses from cyberattacks
By Yanitsa Boyadzhieva
May 3, 2024
To embed our video on your website copy and paste the code below:
<iframe src="https://www.youtube.com/embed/PM09WHhdbLc?modestbranding=1&rel=0" width="970" height="546" frameborder="0" scrolling="auto" allowfullscreen></iframe>
Yanitsa Boyadzhieva, TelecomTV (00:05):
In the past few years, reports from across the globe have found an alarming increase in cybersecurity threats, especially as companies and societies move to a more digitalized world. Verizon business reiterated this in its latest Data Breach Investigations report. Now let's find out more on these findings from Philip Larbey lead of the Verizon Threat Advisory Team for emea. Hi Phil, it's a pleasure speaking with you again. First off, your latest report rate alarm on the level of cybersecurity incidents found and also breaches confirmed in 2023, have these increased compared to previous years. And what do you suspect are the main reasons for this trend?
Phillip Larbey, Verizon (00:49):
Yes, I mean, it's a great question. The data breach report that we issue, of course, is based upon the data that we collect from is current 94 countries and about 80 contributors. So from year to year, the size of the dataset that we have will be different. And the great news about the 2024 report is that it's actually double the amount of data that we've actually seen in the 2023 report. So whilst it may not be an indicator of the level of cyber incidents that are occurring globally, certainly we know from the day-to-day activity of what our teams are handling in terms of customer incidents, the forensics that we're doing, yes, there's no question that there is a continual increase in the volume, overall volume that we tend to handle. But the actual report itself, I think the one thing I can say is it's more qualitative this year because we have a substantially greater size of data that gives us really good insights in terms of, as you said, the geography, where the incidents are occurring, but also from what we call a vertical sector perspective, which commercial sectors are we seeing being targeted?
(02:13):
Where are the incidents being successful? And we certainly can see some changes. Probably one of the key things for this year is actually some additional contributors that we have to the report in 2024, which includes some very key, what we call local competent authorities, and they're the authorities to whom mandatory reporting of cyber instance must occur. So for this year, it's given us a very, very interesting insight into the volume of instance that are being reported because of things like GDPR and that's given us a slightly different picture to where it was last year.
Yanitsa Boyadzhieva, TelecomTV (02:54):
And how do cyber attacks vary by type and the motivations behind them? And is this region specific?
Phillip Larbey, Verizon (03:01):
Yes, very much so. Certainly what the 2024 report is telling us that from what we saw last year was of course the very serious nature of ransomware attacks. That is still incredibly prevalent. We saw it somewhat leveling out of the volume of ransomware attacks last year across all different sectors and all different geographies. But one of the very interesting dynamics that the 2024 report shows us is we knew that there was an element of ransomware or ransomware attacks where there was what we call a double-edged sword. There was a secondary extortion dynamic that was beginning to appear and that was steering data from organizations by threat groups and then having a second extortion to stop them, pay that extortion to stop them making that confidential data public. When we actually take that extortion dynamic, which is growing in addition to the ransomware levels, which have remained relatively the same as last year, but the extortion dynamic has certainly seen as take a leap in terms of how from a proportionate basis, ransomware and extortion is now pretty much a third of everything that we're seeing.
(04:25):
The other dynamic is, as I mentioned earlier about the mandatory reporting to some of the contributors of the report, and sometimes there is a significant focus on the external threat that is coming into organizations, but this mandatory reporting is actually very clearly unveiling how much of an internal risk actually exists. And we talk about miscellaneous error and that encompasses a number of things. Misdelivery sending things inadvertently to the wrong ity misconfiguration, which is just the human error of configuring some of the security environment incorrectly, but also the susceptibility of individuals to things like social engineering attacks. Now when we take all of those into account, this internal error dynamic is actually now getting almost as much as the volumes that we see within ransomware and extortion. So ransomware and extortion is about a third. This internal error has jumped from around about one in 10 of the breaches that we see to almost one in three, so about actually about 28%.
(05:39):
So the report is very much a reminder this year of really what that internal error dynamic is as well. The third most serious dynamic that we're dealing with is really what we call business email compromise. That is a way that threat groups are able to compromise organizations email capabilities or service, and manipulate those email accounts so that they can induce payments going out of the organization to their own accounts. And again, we've seen a very significantly increase in that. So they're predominantly sort of the key type of attack types that we're seeing. And from a geography perspective, we're actually seeing them very much everywhere.
Yanitsa Boyadzhieva, TelecomTV (06:25):
That's very interesting. And you mentioned the human error diving into the landscape in the EMEA region. Your report suggests that the human element in breaches continues to be significant. In your view, what are the reasons for this and what improvements can be made there?
Phillip Larbey, Verizon (06:41):
Again, it's extremely good question because the human person is quite a delicate dynamic in that from one day we can do something which can be very logical and very sensible, and the next day, for whatever reason, we can do something that is completely different and would appear crazy. The threat actors know that the human person is susceptible in different circumstances. And Covid pandemic, when everybody was working at home, showed us that they had almost a completely different security psyche. So the second dynamic here is that the security infrastructure that most organizations operate dealing with the human person and its ability to do so many different things on different days, that's far more difficult for technology to actually be able to deal with. And the threat actors know that. So they play very heavily upon the weaknesses within the human person, the susceptibility to, for example, in phishing, making something look very real, that it's genuine and inducing them into clicking on something. So as much as the threat community can use, the frailties of the human person means they've got better chances of succeeding in their attacks. So they're very clear about where they can use the she and person in different individual phases of the attacks that they're currently undertaking. And certainly the trend that we can see over a number of years tells us that prevailing upon that human element is actually causing their attacks to be incredibly successful.
Yanitsa Boyadzhieva, TelecomTV (08:36):
So on that matter, do you see a rising need in the use of AI to assist with protection from cyber attacks?
Phillip Larbey, Verizon (08:44):
Oh, I don't think there's any question there. Absolutely. Yes. And we're already beginning to see the introduction of AI in addition to machine learning, particularly at the very first phases of when security infrastructure is alerting that there may be something going on within their environment. So whether they're using endpoint detection and response that creates alerts for just as an example, that usually goes to a security operations command, a SOC as it's called. And historically, that's been a very manualized process of dealing with those alerts to actually identify whether they're true malicious or whether they're false positives. The introduction of AI now that is available at that what we call level one type of instant response means because of the learning from all of the things that have gone on in the past, it means the automated process with AI means the ability for the infrastructure to respond through triage is so much more quickly. And we talk about something called mean, time to respond. That's how quickly, of course, can you respond to these errors. And we're seeing these new applications and capabilities that bring in AI at that level one area is significantly improving that meantime to respond.
Yanitsa Boyadzhieva, TelecomTV (10:10):
So AI is increasingly used by companies, but is it also increasingly utilized by criminals as well in the digital space? And are you concerned its role will become more integral to future complex cyber threats?
Phillip Larbey, Verizon (10:24):
Absolutely. There's no question. And we do cover AI within the 2024 DBIR this year in the context of how is it being used by threat actors and the likes of criminals. We're certainly seeing with so much emphasis that's now on the likes of generative AI chat GPT for example, we're certainly seeing how threat actors are using that type of AI in the social engineering type of attacks. So when they're preparing phishing emails or pretexting, then they're using that generative AI to make the social engineering attacks far, far, far more realistic. What we are not seeing is the use of AI in the actual continued ongoing process of an attack once it's actually within the organization. So is it likely to come in the future, I suspect, yes, we will begin to see that, but there's no evidence in the data that we've had certainly this year or last year that shows that there's any significant use of it in the scope of attacks.
Yanitsa Boyadzhieva, TelecomTV (11:34):
Well, that's good to know. Phil it was a pleasure finding out more about the latest insights from Verizon Business on cybersecurity attacks. Thanks for joining us.
Phillip Larbey, Verizon (11:43):
You're very welcome. Thank you very much for being here.
In the past few years, reports from across the globe have found an alarming increase in cybersecurity threats, especially as companies and societies move to a more digitalized world. Verizon business reiterated this in its latest Data Breach Investigations report. Now let's find out more on these findings from Philip Larbey lead of the Verizon Threat Advisory Team for emea. Hi Phil, it's a pleasure speaking with you again. First off, your latest report rate alarm on the level of cybersecurity incidents found and also breaches confirmed in 2023, have these increased compared to previous years. And what do you suspect are the main reasons for this trend?
Phillip Larbey, Verizon (00:49):
Yes, I mean, it's a great question. The data breach report that we issue, of course, is based upon the data that we collect from is current 94 countries and about 80 contributors. So from year to year, the size of the dataset that we have will be different. And the great news about the 2024 report is that it's actually double the amount of data that we've actually seen in the 2023 report. So whilst it may not be an indicator of the level of cyber incidents that are occurring globally, certainly we know from the day-to-day activity of what our teams are handling in terms of customer incidents, the forensics that we're doing, yes, there's no question that there is a continual increase in the volume, overall volume that we tend to handle. But the actual report itself, I think the one thing I can say is it's more qualitative this year because we have a substantially greater size of data that gives us really good insights in terms of, as you said, the geography, where the incidents are occurring, but also from what we call a vertical sector perspective, which commercial sectors are we seeing being targeted?
(02:13):
Where are the incidents being successful? And we certainly can see some changes. Probably one of the key things for this year is actually some additional contributors that we have to the report in 2024, which includes some very key, what we call local competent authorities, and they're the authorities to whom mandatory reporting of cyber instance must occur. So for this year, it's given us a very, very interesting insight into the volume of instance that are being reported because of things like GDPR and that's given us a slightly different picture to where it was last year.
Yanitsa Boyadzhieva, TelecomTV (02:54):
And how do cyber attacks vary by type and the motivations behind them? And is this region specific?
Phillip Larbey, Verizon (03:01):
Yes, very much so. Certainly what the 2024 report is telling us that from what we saw last year was of course the very serious nature of ransomware attacks. That is still incredibly prevalent. We saw it somewhat leveling out of the volume of ransomware attacks last year across all different sectors and all different geographies. But one of the very interesting dynamics that the 2024 report shows us is we knew that there was an element of ransomware or ransomware attacks where there was what we call a double-edged sword. There was a secondary extortion dynamic that was beginning to appear and that was steering data from organizations by threat groups and then having a second extortion to stop them, pay that extortion to stop them making that confidential data public. When we actually take that extortion dynamic, which is growing in addition to the ransomware levels, which have remained relatively the same as last year, but the extortion dynamic has certainly seen as take a leap in terms of how from a proportionate basis, ransomware and extortion is now pretty much a third of everything that we're seeing.
(04:25):
The other dynamic is, as I mentioned earlier about the mandatory reporting to some of the contributors of the report, and sometimes there is a significant focus on the external threat that is coming into organizations, but this mandatory reporting is actually very clearly unveiling how much of an internal risk actually exists. And we talk about miscellaneous error and that encompasses a number of things. Misdelivery sending things inadvertently to the wrong ity misconfiguration, which is just the human error of configuring some of the security environment incorrectly, but also the susceptibility of individuals to things like social engineering attacks. Now when we take all of those into account, this internal error dynamic is actually now getting almost as much as the volumes that we see within ransomware and extortion. So ransomware and extortion is about a third. This internal error has jumped from around about one in 10 of the breaches that we see to almost one in three, so about actually about 28%.
(05:39):
So the report is very much a reminder this year of really what that internal error dynamic is as well. The third most serious dynamic that we're dealing with is really what we call business email compromise. That is a way that threat groups are able to compromise organizations email capabilities or service, and manipulate those email accounts so that they can induce payments going out of the organization to their own accounts. And again, we've seen a very significantly increase in that. So they're predominantly sort of the key type of attack types that we're seeing. And from a geography perspective, we're actually seeing them very much everywhere.
Yanitsa Boyadzhieva, TelecomTV (06:25):
That's very interesting. And you mentioned the human error diving into the landscape in the EMEA region. Your report suggests that the human element in breaches continues to be significant. In your view, what are the reasons for this and what improvements can be made there?
Phillip Larbey, Verizon (06:41):
Again, it's extremely good question because the human person is quite a delicate dynamic in that from one day we can do something which can be very logical and very sensible, and the next day, for whatever reason, we can do something that is completely different and would appear crazy. The threat actors know that the human person is susceptible in different circumstances. And Covid pandemic, when everybody was working at home, showed us that they had almost a completely different security psyche. So the second dynamic here is that the security infrastructure that most organizations operate dealing with the human person and its ability to do so many different things on different days, that's far more difficult for technology to actually be able to deal with. And the threat actors know that. So they play very heavily upon the weaknesses within the human person, the susceptibility to, for example, in phishing, making something look very real, that it's genuine and inducing them into clicking on something. So as much as the threat community can use, the frailties of the human person means they've got better chances of succeeding in their attacks. So they're very clear about where they can use the she and person in different individual phases of the attacks that they're currently undertaking. And certainly the trend that we can see over a number of years tells us that prevailing upon that human element is actually causing their attacks to be incredibly successful.
Yanitsa Boyadzhieva, TelecomTV (08:36):
So on that matter, do you see a rising need in the use of AI to assist with protection from cyber attacks?
Phillip Larbey, Verizon (08:44):
Oh, I don't think there's any question there. Absolutely. Yes. And we're already beginning to see the introduction of AI in addition to machine learning, particularly at the very first phases of when security infrastructure is alerting that there may be something going on within their environment. So whether they're using endpoint detection and response that creates alerts for just as an example, that usually goes to a security operations command, a SOC as it's called. And historically, that's been a very manualized process of dealing with those alerts to actually identify whether they're true malicious or whether they're false positives. The introduction of AI now that is available at that what we call level one type of instant response means because of the learning from all of the things that have gone on in the past, it means the automated process with AI means the ability for the infrastructure to respond through triage is so much more quickly. And we talk about something called mean, time to respond. That's how quickly, of course, can you respond to these errors. And we're seeing these new applications and capabilities that bring in AI at that level one area is significantly improving that meantime to respond.
Yanitsa Boyadzhieva, TelecomTV (10:10):
So AI is increasingly used by companies, but is it also increasingly utilized by criminals as well in the digital space? And are you concerned its role will become more integral to future complex cyber threats?
Phillip Larbey, Verizon (10:24):
Absolutely. There's no question. And we do cover AI within the 2024 DBIR this year in the context of how is it being used by threat actors and the likes of criminals. We're certainly seeing with so much emphasis that's now on the likes of generative AI chat GPT for example, we're certainly seeing how threat actors are using that type of AI in the social engineering type of attacks. So when they're preparing phishing emails or pretexting, then they're using that generative AI to make the social engineering attacks far, far, far more realistic. What we are not seeing is the use of AI in the actual continued ongoing process of an attack once it's actually within the organization. So is it likely to come in the future, I suspect, yes, we will begin to see that, but there's no evidence in the data that we've had certainly this year or last year that shows that there's any significant use of it in the scope of attacks.
Yanitsa Boyadzhieva, TelecomTV (11:34):
Well, that's good to know. Phil it was a pleasure finding out more about the latest insights from Verizon Business on cybersecurity attacks. Thanks for joining us.
Phillip Larbey, Verizon (11:43):
You're very welcome. Thank you very much for being here.
Please note that video transcripts are provided for reference only – content may vary from the published video or contain inaccuracies.
Phillip Larbey, EMEA Lead for the Verizon Threat Advisory Team
In the past few years, reports have found an alarming increase in cybersecurity threats. Here, we catch up with Phillip Larbey, lead of the Verizon threat advisory team for EMEA, to discuss the latest findings from the Data Breach Investigations Report by Verizon Business. He also offers his views on the role of AI in protecting organisations from cyberthreats and explores whether the technology could also be used by threat actors going forward.
Recorded May 2024
Email Newsletters
Sign up to receive TelecomTV's top news and videos, plus exclusive subscriber-only content direct to your inbox.
