The misuse of credentials and phishing are involved in over 80% of data breaches.
Creative examination of data breaches reveals the attack vectors being used and how they are enabled, emphasizing the functions of credentials and phishing.
As the 2024 Verizon Data Breach Investigations Report was released, we examined the information to carry on our coverage of crucial cybersecurity topics, namely phishing and data breaches.
The research provides new viewpoints and insights that are essential to comprehending how cyber dangers are changing.
This report has traditionally discussed specific attack vectors (such as web applications) and action varieties, such as phishing. However, the most recent version of the report goes one step further and combines both of these ideas to give information security professionals a fresh viewpoint on the true issues with attacks that result in data breaches.
The blog post’s table illustrates that phishing and credentials are included in three of the top four attack combinations.
The top slot being occupied by credentials and online applications is consistent with the recent development of the “credential cyber-economy,” in which credentials are obtained through spoofing brand login pages and subsequently sold on the dark web. In 71% of online application attacks, credentials are compromised, according to the survey.
Email is involved in phishing, however it’s interesting to note that phishing comes in second when it comes to the primary attack vector for credential harvesting attacks (i.e., a series of phishing attacks enabled that attack combination lies behind the top entry).
Glancing down to the fourth and fifth places, we observe that attack vectors using VPNs and desktop-sharing software still use passwords.
Since phishing and credentials are implicated in around 80% of data breaches, email, social engineering, and your users form the most crucial part of any cybersecurity plan.
To support the insecurity revealed by the overwhelming evidence in Verizon’s most recent study, layered security solutions and modern security awareness training are required.
KnowBe4 gives your employees the daily ability to make more informed security decisions. The KnowBe4 platform is trusted by more than 65,000 organizations globally to improve their security culture and lower human risk.