A new Verizon report reveals the main reason for hacking many organizations.
Verizon's 17th annual Data Breach report released today shows an alarming trend in cybersecurity: the use of vulnerabilities as the initial point of hacking has almost tripled compared to last year, accounting for 14% of all incidents.
The analysis shows that the largest increase was caused by attacks on non-updated systems and devices, as well as zero-day vulnerabilities that are actively used by attackers to distribute ransomware.
The report recorded 30,458 cybersecurity incidents and 10,626 confirmed breaches in 2023, double the number from the previous year. It is especially worth noting that more than two-thirds (68%) of all violations are related to human errors that do not have malicious intent.
Chris Novak, Senior Director of Cybersecurity Advisory Services at Verizon Business, emphasized: "Exploiting zero-day vulnerabilities by attackers remains a constant threat to enterprise security."
Interestingly, despite the concerns associated with artificial intelligence, the main problem remains vulnerability management on a large scale. Novak added: "While the introduction of AI to access valuable corporate assets raises concerns, organizations' failure to meet basic requirements for patching known vulnerabilities allows attackers to avoid complicating their methods."
The report also indicates that on average, organizations need 55 days to fix 50% of critical vulnerabilities after the release of patches, while the average detection time for mass exploits is only five days.
Craig Robinson, vice president of security Research at IDC, comments: "This year's findings reflect the changing landscape that today's security managers must navigate-balancing the need to quickly fix vulnerabilities and investing in continuing employee education in ransomware and cybersecurity hygiene."
The report also revealed that 32% of all violations are related to some type of ransomware, including ransomware. Moreover, in the last two years, about a quarter of financially motivated incidents involved long pre-training.
Thus, despite the growing concerns about threats related to artificial intelligence, the main problem of cybersecurity remains the inability to eliminate known vulnerabilities in systems and software in a timely manner.
Underestimating the importance of timely updates and ignoring basic cybersecurity requirements creates ideal conditions for attackers, allowing them to successfully exploit vulnerabilities without much effort.
Organizations need to prioritize vulnerability management, as well as raise awareness and train employees in cybersecurity to protect their assets and data from growing threats.
Verizon's 17th annual Data Breach report released today shows an alarming trend in cybersecurity: the use of vulnerabilities as the initial point of hacking has almost tripled compared to last year, accounting for 14% of all incidents.
The analysis shows that the largest increase was caused by attacks on non-updated systems and devices, as well as zero-day vulnerabilities that are actively used by attackers to distribute ransomware.
The report recorded 30,458 cybersecurity incidents and 10,626 confirmed breaches in 2023, double the number from the previous year. It is especially worth noting that more than two-thirds (68%) of all violations are related to human errors that do not have malicious intent.
Chris Novak, Senior Director of Cybersecurity Advisory Services at Verizon Business, emphasized: "Exploiting zero-day vulnerabilities by attackers remains a constant threat to enterprise security."
Interestingly, despite the concerns associated with artificial intelligence, the main problem remains vulnerability management on a large scale. Novak added: "While the introduction of AI to access valuable corporate assets raises concerns, organizations' failure to meet basic requirements for patching known vulnerabilities allows attackers to avoid complicating their methods."
The report also indicates that on average, organizations need 55 days to fix 50% of critical vulnerabilities after the release of patches, while the average detection time for mass exploits is only five days.
Craig Robinson, vice president of security Research at IDC, comments: "This year's findings reflect the changing landscape that today's security managers must navigate-balancing the need to quickly fix vulnerabilities and investing in continuing employee education in ransomware and cybersecurity hygiene."
The report also revealed that 32% of all violations are related to some type of ransomware, including ransomware. Moreover, in the last two years, about a quarter of financially motivated incidents involved long pre-training.
Thus, despite the growing concerns about threats related to artificial intelligence, the main problem of cybersecurity remains the inability to eliminate known vulnerabilities in systems and software in a timely manner.
Underestimating the importance of timely updates and ignoring basic cybersecurity requirements creates ideal conditions for attackers, allowing them to successfully exploit vulnerabilities without much effort.
Organizations need to prioritize vulnerability management, as well as raise awareness and train employees in cybersecurity to protect their assets and data from growing threats.
