It’s time for the 2024 Verizon Data Breach Investigations Report (DBIR)! If you aren’t familiar with DBIR, provides invaluable insights into the evolving landscape of cybersecurity. While we don’t want to spoil the report (and strongly encourage everyone to give it a read) there are a few interesting findings that stood out.
Before we delve into these findings, we want to celebrate a milestone: 2024 marks the 10th consecutive year that the OpenText ArcSight Intelligence™ team has contributed to the DBIR. This collaborative effort underscores our commitment to enhancing collective security through industry expertise and research. We invite you to explore the full report at www.verizon.com/dbir.
The human element: a persistent challenge
“[The human element] is present in more than two-thirds of breaches…” – DBIR 2024
Despite advancements in technology, the human element remains a significant factor in cybersecurity breaches. According to the latest DBIR, human error or manipulation is involved in 68% of breaches, consistent with previous years. From falling victim to phishing attacks to insider threats, employees continue to be vulnerable to exploitation by threat actors.
Social engineering attacks, leveraging human psychology, are a prevalent tactic. These attacks lead individuals to divulge sensitive information or unwittingly compromise security and are very different than attacks by malicious insiders. In this years report, the human element numbers do not include malicious insiders. Had malicious insiders been included, the human element would have been present in 76% of incidents.
External? Internal? It’s all about the money
“[We are] pleased to inform you that the actor motive ranking remains the same. Financial has the clear lead…” – DBIR 2024
Financial motives remain the primary driving force behind threat actors, with over 90% of breaches being financially motivated, according to the DBIR 2024. Interestingly, internal threat actors accounted for 35% of breaches in 2024, indicating a significant increase from previous years. One might have expected that an increase in internal threat actors would also see an increase in the espionage motive. While this did happen, an increase from 5% to 7% is minimal. This suggests that malicious internal threat actors are just as motivated by financial gain as external actors.
Threat actor motivation is an important factor to consider when dealing with any incident. A financially motivated threat actor may prioritize persistence in a system ensuring the flow of valuable information or continued disruption and thus, more money for them. An espionage motivated incident may worry less about persistence and instead focus on grabbing everything they can all at once before getting out. Motivation isn’t everything but it may give threat hunters an idea of what they are up against.
Secure to vulnerable in under 60 seconds – a phishing speed run
“The median time for user to fall for phishing emails is less than 60 seconds” – DBIR 2024
It is no surprise that phishing and pretexting continue to be core elements of an attacker’s social engineering toolkit, with 70% of all social engineering incidents involving at least one of these two tactics. As a reminder, phishing involves the use of fraudulent emails to steal data, while pretexting entails the use of fabricated identities or scenarios to deceive individuals into divulging information.
What’s particularly alarming is the speed at which users can fall victim to these tactics. Research shows that it takes users an average of 21 seconds to click on a malicious phishing email link and a mere 28 seconds to enter their data on the phishing site. When you add it up, a company can transition from secure to vulnerable in under 60 seconds—a speed run your company definitely does not want to participate in!
AI detects threats before damage is done
Behavior analytics, powered by AI, plays a crucial role in proactively addressing cybersecurity threats. Behavior analytics focuses on detecting hidden patterns in user behavior and establishing a baseline of normal activity to detect future deviations. This proactive approach to threat detection enables security teams to investigate and respond promptly, reducing the risk of breaches associated with the human element.
Incorporating behavior analytics into a cybersecurity strategy empowers organizations to proactively address the human side of cybersecurity. By leveraging these technologies, organizations can detect and respond to anomalies, mitigate the risks associated with social engineering attacks and human errors, and strengthen their overall security posture.
Conclusion
The insights gleaned from the DBIR serve as a sobering reminder of the ever-present threat landscape. As organizations continue to navigate these challenges, it is imperative to prioritize proactive cybersecurity measures. By fostering a culture of security awareness, leveraging advanced technologies, and collaborating with industry experts, organizations can strengthen their defenses and safeguard their valuable assets against evolving cyber threats.
Learn more about OpenText ArcSight Intelligence
To explore the capabilities of behavior analytics and learn more about ArcSight Intelligence’s advanced solutions, please visit https://www.opentext.com/products/arcsight-intelligence. Discover how these innovative technologies can help protect your organization from evolving cyber threats.