Verizon’s 17th annual report on data violations, published today, highlights a concerning trend in the cybersecurity field. The report reveals that the use of vulnerabilities as the initial hacking point has nearly tripled compared to the previous year, accounting for 14% of all incidents.
An analysis of the data shows that the significant increase is attributed to attacks on unnecessary systems and devices, as well as the exploitation of Zero-Day vulnerabilities by cyber attackers to distribute malicious programs.
In 2023, there were 30,458 cybersecurity incidents reported, with 10,626 confirmed violations – twice the amount compared to the previous year. It is noteworthy that over two-thirds (68%) of all violations are linked to human errors without malicious intent.
Chris Novak, senior director of cybersecurity consulting services at Verizon Business, emphasized the ongoing threat posed by zero-day vulnerabilities, stating, “The exploitation of zero-day vulnerabilities remains a persistent menace to enterprises.”
Despite concerns surrounding artificial intelligence, the report highlights that the primary challenge in cybersecurity is effectively managing vulnerabilities at a large scale. Novak added, “While the adoption of AI for accessing valuable corporate assets raises concerns, failure to address known vulnerabilities allows attackers to exploit them without complexity.”
The report also reveals that organizations took an average of 55 days to address 50% of critical vulnerabilities after patches were released, while the average detection time for mass operations was only five days.
Craig Robinson, vice president of security research at IDC, commented on this year’s findings, stating, “This year’s findings reflect the evolving landscape that today’s security managers must navigate – striking a balance between swiftly addressing vulnerabilities and investing in ongoing employee training in cybersecurity best practices.”
Furthermore, the report indicates that 32% of all violations are related to extortion tactics, including ransomware. Additionally, over the past two years, approximately a quarter of financially motivated incidents involved extensive premeditation.
Ultimately, despite the concerns over AI-related threats, the main cybersecurity challenge lies in the failure to address well-known vulnerabilities in systems and software promptly. Neglecting the importance of timely updates and fundamental cybersecurity practices creates favorable conditions for attackers to exploit vulnerabilities effortlessly.
Organizations are urged to prioritize vulnerability management and enhance employee education and training in cybersecurity to safeguard their assets and data against increasing cyber threats.