The human factor remains the gateway for cybercriminals

Nearly half of breaches in EMEA are initiated internally. A finding that would demonstrate a high incidence of misuse of privileges and other human errors.

Most breaches worldwide (68%), whether they include third parties or not, involve non-malicious human action, which refers to someone making a mistake or falling prey to a social engineering attack.

This is according to Verizon’s 17th annual Data Breach Investigations Report, which analyzed 8,302 security incidents in Europe, the Middle East and Africa (EMEA), including 6,005 ( more than 72%) are confirmed violations.

This percentage of 68% is close to that of last year. On the other hand, on the positive side, reporting practices are improving: 20% of users identified and reported phishing in simulations, and 11% who clicked on the email also reported it.

Zero-day vulnerabilities

Despite this small point of optimism, it is clear that reading this report does not give one peace of mind: the exploitation of vulnerabilities has increased by 180% compared to 2023 and on average, it took around 55 days for organizations to fix 55% of their critical vulnerabilities. Meanwhile, the median time to detect massive KEV CISA exploits on the Internet is five days.

Like other studies, this one finds that the human factor remains the gateway for cybercriminals. This persistence shows that organizations in EMEA must continue to combat this trend by prioritizing training and raising awareness of cybersecurity best practices.

Another concern is that zero-day vulnerabilities remain a persistent threat to businesses. Globally, the exploitation of vulnerabilities as an initial entry point has increased since last year, accounting for 14% of all breaches.

Supply chain

This spike is primarily driven by the scale and increasing frequency of zero-day exploits by ransomware actors. Notably the MOVEit flaw, a widespread exploitation of a “zero-day” vulnerability.

“Exploitation of zero-day vulnerabilities by ransomware actors remains a persistent threat to businesses due to the interconnectedness of supply chains” said Alistair Neil.

“Last year, 15% of breaches involved a third party, including data providers, third-party software vulnerabilities, and other direct or indirect supply chain issues”specifies this Senior Director of Security at Verizon Business.

Analysis of the Cybersecurity Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog found that it takes organizations an average of 55 days to remediate 50% of critical vulnerabilities after patches become available.

Finally, a third of all breaches involved some type of extortion technique, including ransomware. Over the past two years, around a quarter (between 24% and 25%) of financially motivated incidents involved pretexting.

-

-

NEXT Jiangxi, the world heart of strategic metals