
Key enterprise cybersecurity takeaways from the 2024 DBIR

Author: Phil Muncaster

Date published: February 5, 2025

Before building an effective enterprise cybersecurity strategy, you need a thorough understanding of the threat landscape. For a detailed analysis, look no further than the Verizon 2024 Data Breach Investigations Report (DBIR). Now in its 17th year, the authoritative report draws on real-world incidents and breaches, and data from partners across multiple private sector industries, government and law enforcement to deliver well-rounded situational awareness.

The 2024 DBIR features an analysis of 30,458 security incidents and 10,626 confirmed breaches. [1] From this data, we can extract a few key takeaways to help enhance your enterprise cybersecurity risk management strategy:

Be on your guard against extortion

The DBIR found that 90% of data breaches were financially motivated. [2] Thus, ransomware—a long effective tactic—remains a top threat across 92% of industries, according to the DBIR. Threat actors are now also turning to non-ransomware extortion techniques, as seen in the MOVEit campaign. [3] Ransomware as an action type in breaches fell slightly from 24% to 23% over the past year, but when added to extortion (9%), the two still comprised a third of breaches. [4]

Mitigating the threat of data-based extortion requires risk management across the entire attack surface, from third-party software suppliers and cloud systems to mobile devices and unsolicited emails. As extortion can often stem from zero-day vulnerabilities in commercial software, you should consider investing in enterprise cybersecurity solutions that help mitigate the impact of these attacks, along with network solutions such as zero trust network access (ZTNA), network segmentation and monitoring.

Help stop Business Email Compromise (BEC) and pretexting in their tracks

Over the past two years, around a quarter of financially motivated incidents have involved pretexting—a form of social engineering that includes Business Email Compromise (BEC). [5] In fact, it is now more common than phishing among all breach actions. [6] Together, phishing and pretexting account for 73% of social engineering-related breaches. [7] Aside from extortion, they are among the most successful ways threat actors can monetize attacks.

One reason these actions are so successful is that they target human fallibility. You should make sure that your security awareness program is up to date and includes real-world simulations that are regularly tweaked to reflect changing threat actor tactics. ZTNA can also help: because users have to continuously authenticate and prove their legitimacy, it becomes more difficult for hackers to hijack accounts and impersonate colleagues, bosses and suppliers. Finally, AI-powered enterprise cybersecurity solutions may in the future be able to discern unusual email writing styles.

Combat the threat posed by stolen credentials

The success of social engineering attacks is also a significant contributor to the number one initial action type in breaches: the use of stolen credentials. This action was present in 24% of breaches this year and 31% over the past 10 years. [8, 9] Credentials are compromised in half of social engineering breaches. [10] In fact, phishing is the most common source of stolen passwords, accounting for 14% of breaches involving credentials, although info-stealing malware is also a threat. This also has an impact on web application attacks, 77% of which are made possible by stolen credentials. [11, 12]

On one cybercrime market over the course of just two days, Verizon found over 1,000 credentials per day advertised for sale, with an average price of $10. [13]

Helping to protect your organization begins again with phishing awareness training—preferably in short interactive lessons that can be more impactful for employees. ZTNA can help too by using multi-factor authentication (MFA) to make it harder for threat actors to impersonate an employee.

Urgently address the risk of vulnerability exploitation

Thanks, in part, to the impact of the MOVEit campaign, there was a 180% surge in vulnerability exploitation as a cause of data breaches last year. [14, 15] The category now accounts for 13% of all breaches. [16]

However, not all of these are zero-day attacks like the one impacting MOVEit; others are exploitations of known software flaws. The challenge is the sheer speed with which threat actors are often able to spring into action once a vulnerability has been published. Unfortunately, network defenders are often slow to respond. On average, it takes 55 days for organizations to remediate 50% of critical vulnerabilities listed in CISA's KEV catalog once patches are available, according to the 2024 DBIR. [17]

In this context, automated, risk-based patch management programs can help your IT team prioritize and close security gaps. Pen testing can also help identify new vulnerabilities in software. For zero-day vulnerabilities, continuous network monitoring can help to identify suspicious behavior early on.
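To compare your own patching speed with the 55-day figure above, the following added example (not from Verizon or the DBIR) computes how many days it took to close half of a set of KEV-listed findings and lists the open ones that have aged past that mark. The record layout, asset names and placeholder identifiers are constructed, and counting still-open findings in the denominator is an assumption of this sketch, not the DBIR's stated methodology.

```python
from datetime import date
from math import ceil

DBIR_HALF_LIFE_DAYS = 55  # figure quoted in the article from the 2024 DBIR

# Constructed sample records, as a scanner export might provide them:
# (placeholder vulnerability id, asset, patch available, remediated or None)
FINDINGS = [
    ("CVE-PLACEHOLDER-1", "web-01", date(2024, 1, 10), date(2024, 1, 20)),
    ("CVE-PLACEHOLDER-1", "web-02", date(2024, 1, 10), date(2024, 3, 30)),
    ("CVE-PLACEHOLDER-2", "vpn-01", date(2024, 2, 1), date(2024, 2, 15)),
    ("CVE-PLACEHOLDER-2", "vpn-02", date(2024, 2, 1), None),
    ("CVE-PLACEHOLDER-3", "mft-01", date(2024, 3, 5), date(2024, 4, 14)),
    ("CVE-PLACEHOLDER-3", "mft-02", date(2024, 3, 5), None),
]


def days_to_remediate_fraction(findings, fraction=0.5):
    """Days after patch availability by which `fraction` of all findings
    were closed. Open findings stay in the denominator, so a backlog of
    unpatched hosts cannot make the number look better. Returns None if
    that fraction has not been reached yet."""
    if not findings:
        return None
    closed = sorted((fixed - avail).days
                    for _, _, avail, fixed in findings if fixed is not None)
    needed = max(1, ceil(fraction * len(findings)))
    return closed[needed - 1] if needed <= len(closed) else None


def overdue_open(findings, as_of, limit_days=DBIR_HALF_LIFE_DAYS):
    """Open findings older than limit_days on `as_of`, oldest first."""
    aged = [(vuln, asset, (as_of - avail).days)
            for vuln, asset, avail, fixed in findings if fixed is None]
    return sorted((f for f in aged if f[2] > limit_days), key=lambda f: -f[2])


if __name__ == "__main__":
    print("days to close 50%:", days_to_remediate_fraction(FINDINGS))
    for vuln, asset, age in overdue_open(FINDINGS, date(2024, 5, 1)):
        print(f"overdue: {vuln} on {asset}, open {age} days")
```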

Tackle supply chain threats without delay

It's not just third-party commercial software that presents a risk to your organization. Software using open-source components could also contain buggy or malicious code. There are also business partners like law firms and payroll companies to consider, as well as third-party data processors. Together, supply chain partners account for 15% of all breaches today, a 68% annual increase according to the 2024 DBIR. [18]

Threat actors will typically look for the weakest link in a supply chain to go after the highest-value targets. That makes mitigating this kind of risk one of the most challenging parts of any security strategy—and one requiring dedicated enterprise cybersecurity solutions. Risk management efforts should start with thorough due diligence on suppliers and regular audits and testing where possible. ZTNA can help monitor and restrict access, and regular pen testing could reduce the chances that vulnerable code is exploited.

How Verizon can help

In addition to some of the best practices shared above, Verizon offers cybersecurity solutions for enterprise customers that can help to mitigate many of these risks. These solutions include:

  • Penetration Testing to help proactively identify vulnerabilities across network, wireless and web application environments.
  • Zero Trust Dynamic Access is a security service edge (SSE) solution built on an innovative distributed cloud architecture platform that combines non-physical cloud nodes and optional physical nodes across locations and devices, either on or off the network, regardless of the operating system used.
  • Advanced Security Operations Center is a customizable cybersecurity event-monitoring solution, designed for organizations looking to utilize their SIEM and related security investments with a monitoring and analytics ecosystem customized to their specifications and business requirements.
  • SASE Management provides change management, incident management and health monitoring on specific cloud security service instances. A service instance is the unique cloud security tenant that is managed by Verizon. Integrated support will be provided across the customer’s cloud security instances and Verizon-managed Software Defined WAN (SD WAN) which are connected to their cloud security instances.
  • Cyber Risk Programs (CRP) comprises evidence-based technical risk assessments designed to address a wide spectrum of organizational cyber security risk concerns including potential threats, weaknesses and vulnerabilities. CRP analyzes customer cyber security risk controls, provides an estimate of cyber risk exposure in business-relevant or financial terms, and provides prioritized recommendations that may help to reduce cyber risk and consultative support.
  • Rapid Response Retainer can help protect data and infrastructures with proactive incident response capabilities customized to your cyber risk profile. This approach allows you to proactively manage risk, augment your incident response capabilities, and effectively manage costs when confronted with an escalated cyber incident or breach.
  • DDoS Shield helps detect and mitigate the effects of unexpected and unpredictable distributed denial-of-service (DDoS) attacks.

To read more on the threat landscape, download the 2024 Data Breach Investigations Report.

The author of this content is a paid contributor for Verizon.

[1] Verizon, 2024 Data Breach Investigations Report, page 5.

[2] Ibid, page 77.

[3] Ibid, page 5.

[4] Ibid, page 7.

[5] Ibid, page 9.

[6] Ibid, page 18.

[7] Ibid, page 36.

[8] Ibid, page 18.

[9] Ibid, page 43.

[10] Ibid, page 36.

[11] Ibid, page 44.

[12] Ibid, page 43.

[13] Ibid, page 44.

[14] Ibid, page 21.

[15] Ibid, page 7.

[16] Ibid, page 43.

[17] Ibid, page 21.

[18] Ibid, page 8.
