top of page
  • Roy Urrico

Global Perspective: Half of the Breaches in EMEA are Internal

By Roy Urrico


Photo by Tima Miroshnichenko. Pexels.com.

Finopotamus aims to highlight white papers, surveys, analyses and reports that provide a glimpse as to what is taking place and/or impacting credit unions and other organizations in the financial services industry.


Verizon Business, a division of Verizon Communications, based in Basking Ridge, N.J., recently released its 2024 Data Breach Investigations Report (DBIR) — the 17th annual version. The report analyzed 30,458 real-world security incidents, 10,626 of which were confirmed data breaches (a record high), with victims spanning 94 countries, between November 1, 2022, and October 31, 2023. That includes 8,302 incidents, 6,005 with confirmed data disclosures in Europe, the Middle East and Africa (EMEA).


“Internal company data (such as emails and business documents) and system-specific data also overshadow more exclusive targets such as payment, bank, medical and secrets,” revealed the report. “We have often described how the ransomware (and now pure extortion) breaches mean that the threat actors don’t need to care about the data they are stealing because they will always have the victim organization as the main buyer.”


Human Element Remains a Weakness


Virtually half of the breaches (49%) in EMEA are initiated internally, suggesting high incidences of privilege misuse and other human errors. Across EMEA, the top reasons for cybersecurity incidents are miscellaneous errors, system intrusion, and social engineering, which account for 87% of breaches. The most common types of data compromised are personal (64%), internal (33%), and credentials (20%).


Sanjiv Gossain, EMEA vice president , Verizon Business.

The human element continues to be the front door for cybercriminals. Most breaches globally (68%), whether they include a third party or not, involve a non-malicious human action, which refers to a person making an error or falling prey to a social engineering attack. This percentage is about the same as 2023. One potential countervailing force is the improvement of reporting practices: 20% of users identified and reported phishing in simulation engagements, and 11% of users who clicked the email also reported it.


“The persistence of the human element in breaches shows that organizations in EMEA must continue to combat this trend by prioritizing training and raising awareness of cybersecurity best practices. However, the increase in self-reporting is promising and indicates a cultural shift in the importance of cybersecurity awareness among the general workforce,” said Sanjiv Gossain, EMEA vice president , Verizon Business.


Zero-Day and Artificial Intelligence Increasing Factors


Globally, the exploitation of vulnerabilities as an initial point of entry increased since last year, accounting for 14% of all breaches. This spike was driven primarily by the scope and growing frequency of zero-day exploits by ransomware actors, most notably the 2023 MOVEit breach, a widespread exploitation of a zero-day vulnerability.


“The exploitation of zero-day vulnerabilities by ransomware actors remains a persistent threat to enterprises, due in no small part to the interconnectedness of supply chains,” said

Alistair Neil, EMEA senior director of security, Verizon Business.

s “Last year, 15% of breaches involved a third party, including data custodians, third-party software vulnerabilities, and other direct or indirect supply chain issues.”


Analysis of the Cybersecurity Infrastructure and Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog revealed that on average it takes organizations 55 days to remediate 50% of critical vulnerabilities following the availability of patches. Meanwhile, the median time for detecting the mass exploitations of the CISA KEV on the internet is five days.


Quelling certain anxieties, the rise of artificial intelligence (AI) was less of a culprit versus challenges in large-scale vulnerability management, the catalog noted. “While the adoption of artificial intelligence to gain access to valuable corporate assets is a concern on the horizon, a failure to patch basic vulnerabilities has threat actors not needing to rapidly advance their approach and focusing their use of AI on accelerating social engineering,” Chris Novak, senior director of Cybersecurity Consulting, Verizon Business.


Additional Key Findings

 

·         About 32% of all breaches involved some type of extortion technique, including ransomware.

·         Over the past two years, roughly a quarter (between 24% and 25%) of financially motivated incidents involved pretexting – a type of social engineering attack that involves a situation created by an attacker to entice giving up private information.

·         Over the past 10 years, the use of stolen credentials has appeared in almost one-third (31%) of all breaches.


From the DBIR: “The shifting landscape of cyber threats can be confusing and overwhelming. When, in addition to the attack types mentioned above, one throws in factors such as the human element and/or poorly protected passwords, things become even more confused. One might be forgiven for viewing the current state of cybersecurity as a colorful cyber-Mardi Gras parade. Enterprise floats of all shapes and sizes cruising past a large crowd of threat actors who are shouting out gleefully ‘Throw me some creds!’ Of course, human nature being what it is, all too often, the folks on the floats do just that. And, as with all such parades, what is left in the aftermath is not necessarily pretty.”

Comments


bottom of page