Verizon has recently published its annual Data Breach Investigations Report (DBIR), which spans 117 pages and reveals concerning trends in cybersecurity. The report highlights a significant 34% increase in attacks exploiting system vulnerabilities, particularly zero-day exploits targeting perimeter hardware and VPNs.
Ransomware remains on the rise, now present in 44% of breaches, showing a staggering 37% increase from the previous year, despite a decline in average payouts.
One of the most alarming findings is the doubling of breaches involving third parties, which jumped from 15% to 30%. This trend emphasizes the heightened risks associated with supply chains and partner networks.
Human error continues to play a critical role, with around 60% of breaches linked to people, often due to social engineering and credential abuse.
A standout case involved credential reuse in third-party environments, where leaked secrets on GitHub took a median of 94 days to resolve. Additionally, 30% of systems compromised by info-stealer malware were identified as company-owned, yet nearly half showed insufficient management and stored both personal and work credentials. This poses a significant risk, particularly in Bring Your Own Device (BYOD) contexts.
Espionage-motivated breaches now account for 17% of all cases. Interestingly, around 28% of incidents involving state-sponsored groups were financially motivated rather than driven by espionage.
Moreover, the emergence of generative AI in cyber threats is evident, with an increase in AI-generated content in malicious emails over the past two years.
Despite some positive trends, such as a rise in organizations refusing to pay ransoms, many small and medium-sized businesses continue to pay the price for inadequate cybersecurity measures. Verizon’s ongoing commitment to educating the public about different attacker motives, tactics, and techniques is essential for enhancing global awareness and readiness against cyber threats.