Verizon released its 2024 Verizon Data Breach Investigations Report yesterday, the 17th edition of one of the most sought-after annual reports – the DBIR – which catalogs and analyzes the past year’s trends in cyber crime and provides a comprehensive view of the global threat landscape. This year’s 100-page report covers cyber incidents and data breaches between November 1, 2022, and October 31, 2023, and includes a record 10,626 confirmed data breaches and 30,500 total incidents in its data set.

SC Media gives five key takeaways from this year’s DBIR:

1. Vulnerability exploitation for initial access nearly tripled in 2023. Attackers showed an increased interest in vulnerability exploitation as the initial attack vector, which increased 180% over last year.
2. Human error still factors in most breaches, as users click phishing emails within seconds. The human element of cyber incidents was one of the main focuses of this year’s DBIR, which factored into 68% of breaches.
3. Pure extortion attacks increase, signaling decreased reliance on encryption ransomware. Pure extortion attacks occur when attackers simply steal data without encrypting it and threaten to leak it if a ransom isn’t paid. When both numbers for pure extortion and ransomware attacks are combined, the same increasing trend from the last few years is seen. This indicates a change in attacker strategy, not necessarily a decrease in ransomware-related threats.
4. Generative AI is yet to make a significant mark in the cyber attack landscape. The report mentioned that because of the “hype” surrounding generative AI (GenAI) in recent times, they “kept an eye out” for indications of its use in attacks. However, it noted that “nothing materialized in the incident data we collected globally.”
5. Threat actors continue to adapt to cyber defenses. Certain aspects of threat actor behavior indicate that attackers are adapting to changes in cyber defenses as shown from the report.

As the threat landscape continues to evolve and threat actors continue to adapt their methods, cybersecurity professionals should also adapt their strategies to combat these threats. Members are encouraged to review this seminal report and share the findings and insights within their organization to strengthen cybersecurity posture and ensure everyone is aware of potential threats and attack vectors. The DBIR also makes a great resource for security awareness and education training topics. Access the full DBIR at Verizon.