Recent reports on the exploitation of cyber weaknesses
Vulnerability exploitation as a source of data security incidents is at a record high, according to the latest Verizon Data Breach Investigations Report (DBIR). Compared to 2022, vulnerability exploits nearly tripled last year. Of the over 30,000 security incidents and more than 10,000 breaches analyzed in the report, this accounts for 14% of the total. Zero-day vulnerabilities (unpatched security flaws unknown to the developers) were a major exploit for ransomware users, as unpatched systems make for easier targets.
One incident can then have substantial ripple effects, such as when the breach of MOVEit’s software expanded to affect the education and finance industries. Breaches that followed in its wake included 800,000 impacted at the University of Georgia, 900 US schools total, as well as 1.3 million residents in the state of Maine, to name a few. The repercussions of that one initial breach are still being felt across the board.
Other factors continue to be a mainstay even while work patterns radically change in numerous verticals. A shift to remote and hybrid working models does little to temper the risks of third party data breaches in the supply chain, or the prevalence of human errors that can lead to the same, as much as any malicious cyber crime. Third parties were involved in 15% of breaches in 2023, while a whopping 68% were due to human mistake, including unwitting targets of social engineering schemes. This tracks with longstanding trends in which human error is a silent assassin in matters of data security, unwitting targets becoming the gateway for hackers to enter the network. On average, the time it takes a person to open a phishing email or enter data on a fraudulent site is under a minute.
Likewise with ransomware (learn more about defense essentials for safeguarding your data from ransomware attacks here). A major threat across 92% of all industries, evolved ransomware and similar extortion techniques accounted for around 32% of all breaches.
If organizations aren’t prepared for these incursions and blackmails, they will end up as part of the next DBIR. Solutions like NetLib Security’s Encryptionizer facilitate the process of strong data security by encrypting stored data across physical, virtual and cloud environments. With virtually no impact on performance, Encryptionizer slots in seamlessly with the rest of your operation with no disruption to workflow.
Request a free evaluation here and see how Encryptionizer can help prevent cyber criminals from exploiting the vulnerabilities in your defense.