The 2024 Data Breach Investigations Report by Verizon marks a worrying trend in cybersecurity, noting that the exploitation of vulnerabilities has tripled, largely driven by ransomware groups targeting zero-day vulnerabilities. The MOVEit vulnerability has been specifically spotlighted as a prime example of this trend, demonstrating how cybercriminals are quick to leverage newly discovered exploits. This significant increase points to an urgent need for organizations to bolster their cybersecurity defenses and respond more swiftly to emerging threats.
Alex Pinto, associate director at the Verizon Threat Research Advisory Center, expressed concern over the increasing gap between how quickly vulnerabilities are exploited and the slower pace at which organizations patch them. According to the report, while attackers often exploit critical vulnerabilities within five days of disclosure, organizations take an average of 55 days to patch 50% of these critical vulnerabilities. Pinto emphasized the importance of prioritizing vulnerability management, particularly for perimeter and external-facing vulnerabilities, to enhance security outcomes.
During a video interview with Information Security Media Group, Pinto discussed several key points including the rise in breaches involving third-party and supply chain vulnerabilities, the evolving landscape of ransomware and extortion attacks, and the crucial role of security training and awareness programs. These programs are vital in addressing human errors, which continue to be a significant factor in security breaches. Pinto’s insights draw on over two decades of experience in cybersecurity, where he has focused on the application of data science to enhance security measures.
Since joining Verizon in 2018, following its acquisition of his machine learning-based network detection company, Niddel, Pinto has led teams responsible for the Verizon Data Breach Investigations Report. This team is also charged with supporting security research and promoting thought leadership within the organization. This year’s report not only highlights existing cybersecurity challenges but also serves as a call to action for organizations worldwide to advance their security practices and mitigate the risks posed by rapidly evolving cyber threats.
