
What Verizon's Latest Hacker Report Tells Us (And What to Do About It)
Alright, it's that time of year again! The new Verizon Data Breach Investigations Report (DBIR) just dropped, and as usual I've been digging into it. I find the details worth the time, and based on past reports, they generally ring true.
This year's report (number 18, if you can believe it!) has some juicy bits, and a few things are definitely changing out there. Here are the five big takeaways that jumped out at me and should probably be on your radar.
1. Hackers Are Finding More Holes (Not Just Stealing Keys)
For ages, the number one way attackers got in was simple: stolen credentials. That's still a massive headache, don't get me wrong. But something else is seriously catching up: exploiting weaknesses in software and devices, especially the stuff we leave hanging out on the internet edge, like VPN gateways and firewalls. They're getting fast, too. The report says attackers often pounce within days of a flaw being announced, and for edge devices the exploitation frequently starts immediately, before most defenders have even read the advisory. Defenders, meanwhile, took a median of about a month (the report puts it at 32 days) to fully patch these critical edge flaws. That's a tough race to win. It really drives home that anything facing the internet should be treated as if it already has a target painted on it. Patching must be almost automatic, and if you can't patch something quickly, you need another way to shield it: take it off the internet, put it behind an allowlist or VPN, or disable the vulnerable feature until a fix ships. Knowing how long each internet-facing finding has been open, and whether the flaw is already being exploited, is what tells you which of those to do first.
License to Hack: Espionage Nearly Tripled!
Here's a twist the report emphasized this year: espionage is way up. It nearly tripled as a motive behind breaches. How are these spies getting in? Yep, through those same software vulnerabilities, which featured in a large majority of espionage-motivated breaches. So patching those internet-facing systems isn't just about stopping ransomware gangs; it's also increasingly about keeping state-sponsored actors out.
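Here's the sort of check that turns the "race" above into something you can actually run. This is an added example for this post, not anything from the DBIR or from Verizon: a small Python triage over a constructed asset and vulnerability inventory (the hostnames, the VULN-* identifiers and the SLA numbers are placeholders I made up for illustration, not real advisories or recommended targets). It ranks open findings by exposure and by whether the flaw is known to be exploited, flags anything past its patch window, falls back to a "shrink the exposure" action when no patch exists yet, and computes the same kind of median time-to-remediate figure the report uses.

```python
from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import Optional

# Illustrative patch SLAs in days, keyed by (exposure, known_exploited). These are
# assumptions for the example, not figures from the DBIR. An internet-facing device
# with a known-exploited flaw gets one day: patch it or take it off the internet.
SLA_DAYS = {
    ("edge", True): 1,
    ("edge", False): 7,
    ("internal", True): 14,
    ("internal", False): 30,
}


@dataclass
class Finding:
    asset: str
    exposure: str            # "edge" (internet-facing) or "internal"
    vuln_id: str             # placeholder identifier, not a real advisory
    disclosed: date          # vendor advisory / public disclosure date
    known_exploited: bool    # e.g. listed as exploited in the wild
    patch_available: bool
    remediated: Optional[date] = None   # None while the finding is still open


def days_open(f: Finding, today: date) -> int:
    """Days from disclosure until remediation, or until today if still open."""
    end = f.remediated or today
    return (end - f.disclosed).days


def triage(findings, today: date):
    """Rank open findings: SLA breaches first, then tightest SLA, then oldest.
    For each one, say whether to patch or to apply a compensating control."""
    rows = []
    for f in findings:
        if f.remediated:
            continue
        sla = SLA_DAYS[(f.exposure, f.known_exploited)]
        open_days = days_open(f, today)
        if f.patch_available:
            action = "patch now"
        elif f.exposure == "edge":
            # No patch yet and the box faces the internet: shrink exposure instead.
            action = "remove from internet or restrict to VPN/allowlist until a patch ships"
        else:
            action = "compensating control (segmentation, disable vulnerable feature)"
        rows.append({
            "asset": f.asset, "vuln_id": f.vuln_id, "exposure": f.exposure,
            "days_open": open_days, "sla_days": sla,
            "breached": open_days > sla, "action": action,
        })
    rows.sort(key=lambda r: (not r["breached"], r["sla_days"], -r["days_open"]))
    return rows


def median_days_to_remediate(findings, exposure="edge"):
    """The DBIR's kind of metric: median days to fully remediate closed findings."""
    closed = [days_open(f, f.remediated) for f in findings
              if f.remediated and f.exposure == exposure]
    return median(closed) if closed else None


# Constructed sample inventory; hostnames and VULN-* ids are placeholders.
TODAY = date(2025, 6, 1)
SAMPLE = [
    Finding("vpn-gw-1", "edge", "VULN-A", date(2025, 5, 28), True, True),
    Finding("fw-edge-2", "edge", "VULN-B", date(2025, 5, 31), False, False),
    Finding("app-srv-3", "internal", "VULN-C", date(2025, 5, 1), True, True),
    Finding("vpn-gw-1", "edge", "VULN-D", date(2025, 4, 1), True, True, date(2025, 5, 3)),
    Finding("fw-edge-2", "edge", "VULN-E", date(2025, 4, 10), False, True, date(2025, 4, 20)),
]

if __name__ == "__main__":
    for row in triage(SAMPLE, TODAY):
        flag = "BREACH" if row["breached"] else "ok"
        print(f"{flag:6} {row['asset']:10} {row['vuln_id']} open {row['days_open']}d "
              f"(SLA {row['sla_days']}d): {row['action']}")
    print("median days to remediate edge findings:", median_days_to_remediate(SAMPLE))
```

On the sample data the four-day-old known-exploited VPN flaw sorts to the top even though the internal server's finding has been open far longer, because the edge SLA is tighter; the edge firewall with no patch available is told to shrink its exposure rather than wait. Feed it your real inventory (and a known-exploited list such as a vendor's or a government catalogue) and the output is the day's patch queue.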
2. Ransomware's Still a Pain (Even if Fewer Are Paying)
Ransomware attacks are actually up, showing up in nearly half the breaches Verizon looked at. Yikes. But here's a glimmer of hope: more companies are refusing to pay the ransom (a solid majority now), and the typical payout has dropped. It may be working. It seems to be forcing the ransomware gangs to switch things up: they're hunting for cheaper ways in (like those software flaws, or buying stolen credentials from infostealer logs; the report found many ransomware victims had credentials circulating in those logs beforehand), and sometimes just threatening to leak data instead of encrypting it. Side note: ransomware hits smaller businesses disproportionately hard and is involved in most SMB breaches, compared to a much smaller fraction of breaches at large organizations. Being ready to say "no" to ransoms clearly pays off, but that requires tested backups and a recovery plan that make refusal feasible. We must assume our company's passwords are already for sale (so watch for your own domains in infostealer dumps and force resets when they show up) and focus on spotting intrusions early, before attackers dig in.
3. People Still Make Mistakes (But Robots Are Helping Hackers More)
Yep, the "human element" (clicking bad links, messing up settings, sending emails to the wrong person) is still a factor in most breaches. But that share actually dipped slightly. Why? Because attackers are getting better at automating their dirty work, like scanning for those vulnerabilities or trying out millions of stolen passwords, so fewer breaches need a human to slip up. When people are the weak link, it's the same old story: reused passwords, accidental emails, and cloud misconfigurations. One trick getting more attention is "MFA fatigue" (push bombing): the attacker already has your password, so they spam you with login prompts, hoping you'll eventually just hit "approve". Training still matters, but the goal should shift from "never click" to "always report weird stuff, fast". Alongside that, we need MFA that can't be bypassed by annoying people into approving: number matching at minimum, and ideally phishing-resistant methods such as FIDO2 security keys or passkeys. Both the password spraying and the push bombing leave obvious fingerprints in authentication logs if you look for them.
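To make the "spot it early" point from the ransomware section and the automation and MFA fatigue points above concrete, here is an added example (mine, not the report's, and not from any product) of two detections run over a constructed auth log in a hypothetical key=value format. One flags a source that fails logins against many distinct accounts in a short window, which is a password spray or credential-stuffing bot rather than a forgetful user, and lists any accounts it then got into. The other flags a user who receives several unapproved MFA pushes in a few minutes and notes whether an approval followed. The thresholds, the IP addresses (documentation ranges) and the usernames are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (hypothetical key=value format; not from the DBIR or any
# real product). Story: 203.0.113.5 sprays stolen passwords across many accounts and
# lands one; later someone who already has carol's password (say, from an infostealer
# log) push-bombs her until she approves. alice and dave are ordinary noise.
SAMPLE_LOG = """\
2025-05-10T09:00:01Z src=203.0.113.5 user=alice event=login result=fail
2025-05-10T09:00:02Z src=203.0.113.5 user=bob event=login result=fail
2025-05-10T09:00:03Z src=203.0.113.5 user=carol event=login result=fail
2025-05-10T09:00:04Z src=203.0.113.5 user=dave event=login result=fail
2025-05-10T09:00:05Z src=203.0.113.5 user=erin event=login result=fail
2025-05-10T09:00:06Z src=203.0.113.5 user=frank event=login result=success
2025-05-10T09:30:00Z src=192.0.2.10 user=alice event=login result=fail
2025-05-10T09:31:00Z src=192.0.2.10 user=alice event=login result=success
2025-05-10T13:00:00Z src=198.51.100.7 user=carol event=login result=success
2025-05-10T13:00:05Z src=198.51.100.7 user=carol event=mfa_push result=denied
2025-05-10T13:00:40Z src=198.51.100.7 user=carol event=mfa_push result=timeout
2025-05-10T13:01:20Z src=198.51.100.7 user=carol event=mfa_push result=denied
2025-05-10T13:02:00Z src=198.51.100.7 user=carol event=mfa_push result=denied
2025-05-10T13:02:45Z src=198.51.100.7 user=carol event=mfa_push result=approved
2025-05-10T14:00:00Z src=192.0.2.11 user=dave event=mfa_push result=approved
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_log(text):
    """Turn log lines into dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m.group("kv"):
            continue
        fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
        fields["ts"] = datetime.fromisoformat(m.group("ts").replace("Z", "+00:00"))
        events.append(fields)
    events.sort(key=lambda e: e["ts"])
    return events


def _max_in_window(evs, window, key=None):
    """Largest count (of distinct key(e) values, or of events when key is None)
    inside any one time window. evs must be sorted by 'ts'."""
    best, j = 0, 0
    for i in range(len(evs)):
        while j < len(evs) and evs[j]["ts"] - evs[i]["ts"] <= window:
            j += 1
        best = max(best, len({key(e) for e in evs[i:j]}) if key else j - i)
    return best


def detect_credential_stuffing(events, window=timedelta(minutes=10), min_users=5):
    """One source failing logins against many different accounts in a short window
    is automation, not a user mistyping. Returns {src: {distinct_users, successes}}."""
    fails = defaultdict(list)
    for e in events:
        if e.get("event") == "login" and e.get("result") == "fail":
            fails[e["src"]].append(e)
    alerts = {}
    for src, evs in fails.items():
        n = _max_in_window(evs, window, key=lambda e: e["user"])
        if n >= min_users:
            # Any account that then succeeded from the same source is a likely compromise.
            hits = sorted({e["user"] for e in events if e.get("src") == src
                           and e.get("event") == "login" and e.get("result") == "success"})
            alerts[src] = {"distinct_users": n, "successes": hits}
    return alerts


def detect_mfa_fatigue(events, window=timedelta(minutes=10), min_prompts=3):
    """Several unapproved pushes to one user in a short window is push bombing; an
    approval right after them is the attacker winning. Returns {user: {...}}."""
    pushes = defaultdict(list)
    for e in events:
        if e.get("event") == "mfa_push":
            pushes[e["user"]].append(e)
    alerts = {}
    for user, evs in pushes.items():
        unapproved = [e for e in evs if e["result"] != "approved"]
        n = _max_in_window(unapproved, window)
        if n >= min_prompts:
            last = unapproved[-1]["ts"]
            approved_after = any(e["result"] == "approved" and e["ts"] > last for e in evs)
            alerts[user] = {"unapproved_prompts": n, "approved_after": approved_after,
                            "sources": sorted({e["src"] for e in evs})}
    return alerts


def run(text=SAMPLE_LOG):
    events = parse_log(text)
    return {"credential_stuffing": detect_credential_stuffing(events),
            "mfa_fatigue": detect_mfa_fatigue(events)}
```

Run it with `python -c "import detect; print(detect.run())"` (or paste it into a REPL) and the spray source shows up with five distinct accounts and one success (frank), and carol shows up with four unapproved pushes followed by an approval, which is exactly the case to treat as compromised rather than "user finally logged in". The one failed login from alice's normal address is not flagged. The response side is the same for both alerts: reset the password, revoke sessions, and ask the user what they saw.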
4. Your Partners' Problems Are Your Problems (Now More Than Ever)
Remember MOVEit? Snowflake? The last couple of years taught us that a security slip-up at one company can spread like wildfire through its customers. The DBIR says the share of breaches involving a third party (think suppliers, software vendors, cloud services) doubled, to about three out of every ten. Ouch. It's not just data theft; look at the chaos when a critical service provider goes down. This means we must take a much harder look at the security of the companies we partner with. It's paramount to know who connects to what and who holds your data, and to monitor partner logins and vendor service accounts as seriously as we watch our own admins.
5. AI Isn't Hacking Us Yet (But We're Leaking Data To It)
Is ChatGPT writing killer malware? Not according to Verizon, at least not yet. The real AI risk right now is much more ordinary, and it's mostly us. People use AI tools on work devices, often signing up with personal email accounts that the company can neither see nor control, and sometimes paste sensitive documents or code into them without thinking. That's the danger today: accidental data leaks. So it's less about fighting Skynet and more about getting back to data handling basics. We need clear rules about which AI tools are approved (with company-managed accounts for them), and controls at the proxy or endpoint that stop sensitive information from being uploaded where it shouldn't be.
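What such a pre-upload control can look like in practice, as an added example (not from the DBIR and not a real product): a Python check that a browser extension or forward proxy could call before a paste or upload leaves the device. It blocks anything headed to an unapproved AI host regardless of content, and for approved hosts blocks content that matches sensitive patterns while offering a redacted copy. The sanctioned host, the classification markers and the sample prompts are assumptions I constructed; the AWS access key format and PEM header are real formats, and the key value is AWS's own documented example key.

```python
import re
from urllib.parse import urlparse

# Hypothetical sanctioned AI service for this example (an assumption, not a real
# host): only uploads to hosts in this set are ever allowed.
APPROVED_AI_HOSTS = {"ai.corp.example"}

# Patterns a pre-upload check refuses to send to any AI tool. The AWS key format and
# the PEM header are real formats; the classification words are assumed corporate
# markers and would be replaced with whatever your data labelling scheme uses.
SENSITIVE_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9\-._~+/]{20,}=*"),
    "classification_marker": re.compile(r"\b(?:CONFIDENTIAL|INTERNAL ONLY|RESTRICTED)\b", re.I),
}


def classify_text(text):
    """Names of the sensitive patterns found in text, in a stable order."""
    return sorted(name for name, pat in SENSITIVE_PATTERNS.items() if pat.search(text))


def redact(text):
    """Replace each sensitive match with a marker so a sanitised copy can be sent."""
    for name, pat in SENSITIVE_PATTERNS.items():
        text = pat.sub(f"[REDACTED:{name}]", text)
    return text


def check_upload(url, text, approved_hosts=APPROVED_AI_HOSTS):
    """Decide whether a paste/upload to url may proceed.
    Unapproved destination: block regardless of content (personal-account tools).
    Approved destination but sensitive content: block and offer a redacted copy."""
    host = (urlparse(url).hostname or "").lower()
    findings = classify_text(text)
    if host not in approved_hosts:
        return {"allow": False, "reason": "unsanctioned_ai_service",
                "host": host, "findings": findings, "redacted": None}
    if findings:
        return {"allow": False, "reason": "sensitive_content",
                "host": host, "findings": findings, "redacted": redact(text)}
    return {"allow": True, "reason": "ok", "host": host, "findings": [], "redacted": None}


# Constructed sample prompts; the access key is AWS's documented example value.
SAMPLES = [
    ("https://chat.unsanctioned.example/api", "summarise this meeting"),
    ("https://ai.corp.example/v1/chat", "fix my config: aws_access_key_id = AKIAIOSFODNN7EXAMPLE"),
    ("https://ai.corp.example/v1/chat", "Q3 roadmap - INTERNAL ONLY - do not distribute"),
    ("https://ai.corp.example/v1/chat", "rewrite this public blog post for clarity"),
]

if __name__ == "__main__":
    for url, text in SAMPLES:
        d = check_upload(url, text)
        print("ALLOW" if d["allow"] else "BLOCK", d["reason"], d["findings"])
```

Pattern matching like this catches the obvious leaks (keys, certificates, labelled documents); it won't catch unlabelled source code or customer data, which is why the destination allowlist comes first: if the only AI tools reachable are ones the company has a contract and retention terms with, the accidental-paste problem shrinks to something you can manage.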
The Bottom Line?
Attackers are getting quicker, using automation effectively, and finding new angles like increased espionage. That demands faster patching from us, especially on internet-facing edge systems, plus a fallback way to shield anything we can't patch in time. We must assume credentials will be compromised; as the report suggests, thinking "Assume Access, Ready Defenses" focuses attention on post-entry controls: detection, least privilege, and recovery. Partner security is now directly tied to our own operational resilience, which requires serious vetting and monitoring. Training should empower users to report suspicious activity promptly, which speeds up response. And don't let the AI buzz distract from the data handling basics that matter today. It's the familiar security battleground, but the pace is quicker and the potential impact is wider.
Stay safe out there!