Hacking an IT network via zero-day vulnerabilities may grab all the headlines, but the vast majority of cybersecurity-related incidents come as a consequence of employee error.
The latest Verizon Business Data Breach Investigations Report (DBIR) found half (49%) of the incidents across the EMEA region are initiated internally.
Across the EMEA region, the top reasons for cybersecurity incidents include “miscellaneous errors, system intrusion, and social engineering” (87% of all breaches).
Zero-days still a major threat
When hackers make their way into an IT network, they mostly steal personal information (64%), followed by internal data (33%), and login credentials (20%).
But even when data breaches aren’t accidental and include a malicious third party, they are still initiated with a non-malicious human action, Verizon further explains. That means that an employee will either make a mistake, or fall prey to a social engineering attack.
“The persistence of the human element in breaches shows that organizations in EMEA must continue to combat this trend by prioritizing training and raising awareness of cybersecurity best practices,” said Sanjiv Gossain, EMEA Vice President, Verizon Business.
However, the increase in self-reporting is promising and indicates a cultural shift in the importance of cybersecurity awareness among the general workforce.”
This doesn’t mean that attacks via zero-days are negligible. In fact, globally, the exploitation of vulnerabilities as an initial point of entry increased since last year, accounting for 14% of all breaches, Verizon’s report further stated. This spike was driven mostly by the MOVEit cyberattack, which saw the ransomware actors known as Cl0p abusing a zero-day in the managed file transfer solution to compromise thousands of organizations worldwide, and steal enormous amounts of sensitive information.
+ There are no comments
Add yours