CISO Corner Weekly Digest: Articles Tailored for Security Operations Readers and Leaders

Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches

By Tara Seals, Managing Editor, Dark Reading

The Verizon Business’ 2024 Data Breach Investigations Report (DBIR) this week detailed just how far patching can go in heading off a data breach, with big spikes in the use of zero-day use and the use of exploits overall marking the beginning point of breaches in the past year.

The MOVEit software breaches alone accounted for a significant number of analyzed attacks.

It also noted that a full 68% of the breaches Verizon Business identified involved human error — either someone clicked on a phishing email, fell for an elaborate social-engineering gambit, was convinced by a deepfake, or had misconfigured security controls, among other snafus.

In all, a picture in this year’s DBIR emerges of an organizational norm where gaps in basic security defenses — including the low-hanging fruit of timely patching and effective user awareness training — continue to plague security teams, despite the rising stakes for CISOs and others that come with “experiencing a cyber incident.”

Fortunately, there are ways to make these insights actionable for enterprises.

Read more: Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches

Related: Anatomy of a Data Breach: What to Do If It Happens to You, a free Dark Reading virtual event scheduled for June 20. Verizon’s Alex Pinto will deliver a keynote, Up Close: Real-World Data Breaches, detailing DBIR findings and more.