Governance & Risk Management , Video , Vulnerability Assessment & Penetration Testing (VA/PT)

Verizon Breach Report: Vulnerability Hacks Tripled in 2023

Data Breach Report Lead Author Alex Pinto Discusses Top Findings, Best Practices
Alex Pinto, associate director, Verizon Threat Research Advisory Center

Verizon's 17th annual 2024 Data Breach Investigations Report highlights a troubling trend: The exploitation of vulnerabilities in the wild has tripled, primarily due to ransomware actors targeting zero-day vulnerabilities. The MOVEit vulnerability serves as a poster child for this trend, illustrating how attackers quickly adapt to new opportunities.

See Also: The Cost of Underpreparedness to Your Business

"It's concerning that we're seeing this huge shift ... a prelude for even more growth or a change in this power struggle," said Alex Pinto, associate director at the Verizon Threat Research Advisory Center.

Pinto pointed to a growing disparity between the speed of exploitation and patching. Attacks often occur within five days, he said, while organizations take an average of 55 days to patch 50% of critical vulnerabilities. He stressed the importance of prioritizing vulnerability management, particularly for perimeter and external-facing vulnerabilities, and strengthening security outcomes through vendor management.

In this video interview with Information Security Media Group, Pinto discussed:

  • The increase in breaches involving third-party and supply chain vulnerabilities;
  • The evolving landscape of ransomware and extortion attacks;
  • The importance of security training and awareness programs to address human errors.

Pinto has more than 20 years of experience in building security solutions that focus on the application of data science to cybersecurity. His teams at Verizon are responsible for the Verizon DBIR and support security research and thought leadership in the organization. Pinto joined Verizon in 2018 after it acquired his machine learning-based network detection company, Niddel.

About the Author

Anna Delaney

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.