Unlocking insights: highlights from the 2024 Verizon Data Breach Investigations Report (DBIR) 

It’s time for the 2024 Verizon Data Breach Investigations Report (DBIR)! If you aren’t familiar with DBIR, provides invaluable insights into the evolving landscape of…

Nik Earnest  profile picture
Nik Earnest

May 01, 20245 minute read

It’s time for the 2024 Verizon Data Breach Investigations Report (DBIR)! If you aren’t familiar with DBIR, provides invaluable insights into the evolving landscape of cybersecurity. While we don’t want to spoil the report (and strongly encourage everyone to give it a read) there are a few interesting findings that stood out.  

Before we delve into these findings, we want to celebrate a milestone: 2024 marks the 10th consecutive year that the OpenText ArcSight Intelligence™ team has contributed to the DBIR. This collaborative effort underscores our commitment to enhancing collective security through industry expertise and research. We invite you to explore the full report at www.verizon.com/dbir

A black room with a slightly open door on the right with light shining through. The text on the left of the image reads "Contributor Verizon 2024 Data Breach Investigations Report" with the Verizon Business logo in the bottom left corner.

The human element: a persistent challenge 

“[The human element] is present in more than two-thirds of breaches…” – DBIR 2024 

Despite advancements in technology, the human element remains a significant factor in cybersecurity breaches. According to the latest DBIR, human error or manipulation is involved in 68% of breaches, consistent with previous years. From falling victim to phishing attacks to insider threats, employees continue to be vulnerable to exploitation by threat actors. 

Social engineering attacks, leveraging human psychology, are a prevalent tactic. These attacks lead individuals to divulge sensitive information or unwittingly compromise security and are very different than attacks by malicious insiders. In this years report, the human element numbers do not include malicious insiders. Had malicious insiders been included, the human element would have been present in 76% of incidents.  

External? Internal? It’s all about the money 

“[We are] pleased to inform you that the actor motive ranking remains the same. Financial has the clear lead…” – DBIR 2024 

Financial motives remain the primary driving force behind threat actors, with over 90% of breaches being financially motivated, according to the DBIR 2024. Interestingly, internal threat actors accounted for 35% of breaches in 2024, indicating a significant increase from previous years. One might have expected that an increase in internal threat actors would also see an increase in the espionage motive. While this did happen, an increase from 5% to 7% is minimal. This suggests that malicious internal threat actors are just as motivated by financial gain as external actors. 

Threat actor motivation is an important factor to consider when dealing with any incident. A financially motivated threat actor may prioritize persistence in a system ensuring the flow of valuable information or continued disruption and thus, more money for them. An espionage motivated incident may worry less about persistence and instead focus on grabbing everything they can all at once before getting out. Motivation isn’t everything but it may give threat hunters an idea of what they are up against.  

Secure to vulnerable in under 60 seconds – a phishing speed run 

“The median time for user to fall for phishing emails is less than 60 seconds” – DBIR 2024 

It is no surprise that phishing and pretexting continue to be core elements of an attacker’s social engineering toolkit, with 70% of all social engineering incidents involving at least one of these two tactics. As a reminder, phishing involves the use of fraudulent emails to steal data, while pretexting entails the use of fabricated identities or scenarios to deceive individuals into divulging information. 

What’s particularly alarming is the speed at which users can fall victim to these tactics. Research shows that it takes users an average of 21 seconds to click on a malicious phishing email link and a mere 28 seconds to enter their data on the phishing site. When you add it up, a company can transition from secure to vulnerable in under 60 seconds—a speed run your company definitely does not want to participate in! 

AI detects threats before damage is done 

Behavior analytics, powered by AI, plays a crucial role in proactively addressing cybersecurity threats. Behavior analytics focuses on detecting hidden patterns in user behavior and establishing a baseline of normal activity to detect future deviations. This proactive approach to threat detection enables security teams to investigate and respond promptly, reducing the risk of breaches associated with the human element.  

Incorporating behavior analytics into a cybersecurity strategy empowers organizations to proactively address the human side of cybersecurity. By leveraging these technologies, organizations can detect and respond to anomalies, mitigate the risks associated with social engineering attacks and human errors, and strengthen their overall security posture. 

Conclusion 

The insights gleaned from the DBIR serve as a sobering reminder of the ever-present threat landscape. As organizations continue to navigate these challenges, it is imperative to prioritize proactive cybersecurity measures. By fostering a culture of security awareness, leveraging advanced technologies, and collaborating with industry experts, organizations can strengthen their defenses and safeguard their valuable assets against evolving cyber threats. 

Learn more about OpenText ArcSight Intelligence 

To explore the capabilities of behavior analytics and learn more about ArcSight Intelligence’s advanced solutions, please visit https://www.opentext.com/products/arcsight-intelligence. Discover how these innovative technologies can help protect your organization from evolving cyber threats. 

Share this post

Share this post to x. Share to linkedin. Mail to
Nik Earnest avatar image

Nik Earnest

Nik Earnest is a Product Marketing Manager at OpenText focused promoting AI, ML, and behavior analytics in cybersecurity. He currently manages product marketing for OpenText ArcSight Intelligence and Cybersecurity Aviator. With exciting advances in AI, Nik is committed to equipping customers with the tools they need to defend against advanced attacks and insider threats, ensuring the security and integrity of their organizations.

See all posts

More from the author

Series wrap – The rise of the threat hunter

Series wrap – The rise of the threat hunter

As we reach the conclusion of the Threat Hunters blog series, it’s clear that the role of these cybersecurity specialists has never been more important.

October 08, 2024 6 minute read

How to support threat hunters

How to support threat hunters

Threat hunting is a critical aspect of cybersecurity, involving the proactive search for threats and vulnerabilities within an organization’s network. For threat hunters to be effective, they need robust support from their managers and teams.

August 27, 2024 7 minute read

Top three challenges of threat hunting

Top three challenges of threat hunting

Our series on threat hunters has covered what they are and what they do. This week’s post highlights two common mistakes threat hunters make and…

August 06, 2024 5 minute read

Stay in the loop!

Get our most popular content delivered monthly to your inbox.