The numbers from the Verizon 2024 Data Breach Investigations Report speak for themselves. The analysis counts no fewer than 30,458 “security incidents” in 2023.
In the world of hackers, the zero-day vulnerability appears to be the queen of entry points. That, at any rate, is what the very comprehensive 2024 data breach report from Verizon Business, the business networking specialist, indicates. Among other findings, it shows that 2023 was a year of grim records.
Indeed, out of the 30,458 security incidents analyzed, 10,626 were confirmed data breaches, an increase of… more than double compared with 2022. But if there is one figure in this report that is both alarming and surprising, it is this: in 2023, 68% of the cyberattacks made possible “thanks” to the exploitation of these zero-day vulnerabilities were due to human error. Even hackers' use of AI has not done better.
Detection and correction times for zero-day vulnerabilities are too long, which benefits hackers
“Exploitation of zero-day vulnerabilities by ransomware remains a persistent threat to enterprise protection,” worries Chris Novak, head of cybersecurity consulting at Verizon Business.
And with good reason. In 2023, the report indicates, the exploitation of zero-day vulnerabilities almost tripled and now represents 14% of all cyberattacks.
But alarming as it may seem, hackers' appetite for zero-day vulnerabilities owes nothing to chance. It is simply opportunism. Indeed, when we know that, according to CISA, companies take on average 55 days to remediate half of their critical vulnerabilities once patches are available, and that the median time to identify large-scale exploitation is five days, we better understand cybercriminals' enthusiasm for this kind of vulnerability.
Human beings responsible for 68% of data breaches
“Errare humanum est” could very well illustrate another surprising figure from this report: 68% of data breaches involve “a non-malicious human element”. In other words, hackers take advantage of an innocent error that a user or company employee commits through lack of vigilance or overconfidence. It could be a simple mistake, such as saving personal data in an insecure environment, or even a click on a document containing malware.
One small nuance, however, among all these worrying figures: 20% of users identified and reported phishing during cyberattack simulation exercises, and 11% of those who opened a fraudulent email also reported it to CIOs. The report concludes that employee training in data security best practices, along with faster patching of vulnerabilities by organizations, is necessary to reduce cyberattacks. An obvious point that is still not obvious to everyone, if we remember the attacks on Cisco firewalls or on Microsoft Office, both carried out via zero-day flaws.
Finally, Clubic can never repeat often enough its advice to exercise the greatest caution whenever your personal data is at stake on the Internet, whether you are logging in to government services or to your bank account. We often give you advice on protecting your data, such as our selection of password managers, which make your job easier by helping you generate and store strong passwords. However, if you prefer the manual method, it is strongly advised to use your imagination and avoid passwords that closely resemble one another or are variations on the same theme.
Lastly, don’t hesitate to add an extra layer of protection by enabling two-factor authentication (2FA), which requires additional proof of identity beyond just a password.
Source: Help Net Security