Breaches Double in 2023: Verizon Report Reveals Spike in Vulnerability Exploits

Verizon’s annual Data Breach Investigations Report reveals a disturbing trend in cybersecurity: the use of vulnerabilities as an initial breach point has nearly tripled compared to last year, now accounting for 14% of all incidents.

The analysis indicates that the most significant increase is due to attacks on outdated systems and devices, as well as the exploitation of “zero-day” vulnerabilities, which are actively used by criminals to spread ransomware.

The report documented 30,458 cybersecurity incidents and 10,626 confirmed breaches in 2023, doubling the figures from the previous year. Notably, over two-thirds (68%) of all breaches were related to non-malicious human errors.

Chris Novak, the senior director of cybersecurity consulting at Verizon Business, emphasized that the exploitation of zero-day vulnerabilities by cybercriminals remains a constant threat to enterprise security.

Interestingly, despite concerns about artificial intelligence, the primary issue remains the management of vulnerabilities on a large scale. Novak added, “While the adoption of artificial intelligence to gain access to valuable corporate assets is a concern on the horizon, a failure to patch basic vulnerabilities has threat actors not needing to advance their approach.”

The report also highlights that, on average, organizations take 55 days to remediate 50% of critical vulnerabilities after patches are released, while the average detection time for mass exploitations is only five days.

“This year’s DBIR findings reflect the evolving landscape that today’s CISOs must navigate – balancing the need to address vulnerabilities quicker than ever before while investing in the continued employee education as it relates to ransomware and cybersecurity hygiene,” said Craig Robinson, Research Vice President, Security Services at IDC. “The breadth and depth of the incidents examined in this report provides a window into how breaches are occurring, and despite the low level of complexity are still proving to be incredibly costly for enterprises.”

The report also found that 32% of all breaches involved some form of extortion, including ransomware. Moreover, in the past two years, approximately a quarter of financially motivated incidents involved extensive premeditation.

Thus, despite growing concerns about AI-related threats, the primary cybersecurity challenge remains the timely remediation of known vulnerabilities in systems and software.

The underestimation of the importance of timely updates and the neglect of basic cybersecurity requirements create ideal conditions for criminals, allowing them to exploit vulnerabilities with minimal effort.

Organizations must prioritize vulnerability management and enhance employee awareness and training in cybersecurity to safeguard their assets and data from escalating threats.