Verizon 2024 DBIR: Employees Remain Weakest Link in Cybersecurity Chain

Verizon's 2024 Data Breach Investigations Report reveals the role of employees in creating opportunities for threat actors to infiltrate organizations.
May 9, 2024

Employees are undoubtedly the cornerstone of your enterprise’s success. They also represent the Achilles' heel of its security. The harsh truth of cybercrime is that it's just a numbers game. If the right solutions aren’t in place, protecting the organization from email attacks requires employees to correctly identify threats 100% of the time—which simply isn’t feasible.

Last week, Verizon released its 17th annual Data Breach Investigations Report, which explores the perpetrators, tactics, and targets of cybercrime. Building on the trends we’ve seen in recent years, the data revealed how big of a role the workforce plays in creating opportunities for attackers to compromise an organization—and the ways threat actors are capitalizing on those opportunities.

The Human Element Is a Component in 68% of Breaches

Note: Verizon adjusted its human element metric this year to exclude malicious insiders, which lowered the number slightly from last year.

The vast majority of cybercrime today is successful because it exploits the people behind the keyboard.

Rather than focusing on technical vulnerabilities, modern, socially engineered attacks rely on manipulation and deceit to convince employees to share sensitive data, provide login credentials, and update bank account information. Verizon found that nearly 70% of all breaches include the human element, with people being involved either via unintentional error, use of stolen credentials, or social engineering.

Further, phishing tests revealed that the median time for an employee to click on a malicious link after opening a phishing email is 21 seconds, and then just another 28 seconds for the recipient to provide the requested information. In other words, employees can be tricked into divulging sensitive information via a phishing attack in under a minute.

Social Engineering Attacks Account for 30% of All Breaches

While the incidence of business email compromise (BEC) did not dramatically increase the way it did between 2021 and 2022 (when it nearly doubled year-over-year), it remains the top type of social engineering incident included in the DBIR.

BEC was also the tactic used in 25% of all financially motivated attacks and, together with phishing, accounted for almost 30% of all breaches analyzed by Verizon.

By relying on text-based communication and opting to compromise people instead of networks, attackers can more easily circumvent conventional security measures. This is because traditional security solutions lack the functionality to understand the subtleties and nuance of language and human behavior, making it difficult for them to distinguish between genuine and malicious intent.

Breaches Due to Compromised Vendors Jump Nearly 70%

Although compromising employees remains the most direct way for threat actors to infiltrate your organization, every vendor your enterprise works with also represents a potential entry point.

If a vendor hasn’t implemented sufficient security controls and a threat actor successfully compromises an account in their ecosystem, the bad actor can then use that account to launch an attack on your organization. And because any messages would be sent from a legitimate account with no history of malicious behavior, the emails would bypass any signature-based security solution. Further, the targeted employee would have no reason to believe any requests were fraudulent since they would appear to be from the actual vendor.

According to Verizon’s research, 15% of breaches were influenced by supply chain interconnection—a 68% year-over-year growth. The fact is that attackers will always choose the path of least resistance. Unfortunately, this means that an organization’s security is only as strong as its weakest vendor.

Stopping Attacks That Exploit Human Behavior

Security awareness training is undeniably important, and every enterprise should commit to educating its employees about the threats targeting its organization. However, the most effective way to prevent a data breach is to ensure employees can’t engage with malicious emails in the first place.

An AI-native, API-based email security solution utilizes behavioral data to understand the behavior, communications, and processes of every employee and vendor across the entire organization. Then, it uses computer vision and natural language processing (NLP) to examine email content and identify anomalous activity, enabling it to detect and block threats—before they reach employee inboxes.
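As an added illustration (not code from the article or from Abnormal's product), the Python sketch below contrasts the two checks described in this post using the compromised-vendor scenario from the previous section: a reputation/allowlist check that a known vendor address simply passes, and a per-sender behavioral baseline that flags the first-ever payment-detail-change request, sent with a reply-to domain that sender has never used. The addresses, the message history and the keyword "intent" classifier are constructed stand-ins; a production system would use a trained NLP model in place of the keyword list.

```python
from collections import defaultdict
from dataclasses import dataclass
# Hypothetical keyword stand-in for the NLP intent model the text describes.
PAYMENT_CHANGE_TERMS = ("bank account", "remittance", "wire instructions", "updated banking")
@dataclass
class Email:
    sender: str
    reply_to: str
    subject: str
    body: str

def classify_intent(mail: Email) -> str:
    text = f"{mail.subject} {mail.body}".lower()
    return "payment_detail_change" if any(t in text for t in PAYMENT_CHANGE_TERMS) else "routine"
def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()

class VendorBaseline:
    """Remembers, per sender, which intents and reply-to domains past mail has shown."""
    def __init__(self):
        self.intents = defaultdict(set)
        self.reply_domains = defaultdict(set)

    def learn(self, mail: Email) -> None:
        self.intents[mail.sender].add(classify_intent(mail))
        self.reply_domains[mail.sender].add(domain(mail.reply_to))

    def behavior_findings(self, mail: Email) -> list:
        findings = []
        if (classify_intent(mail) == "payment_detail_change"
                and "payment_detail_change" not in self.intents[mail.sender]):
            findings.append("first_payment_detail_change_from_sender")
        if domain(mail.reply_to) not in self.reply_domains[mail.sender] | {domain(mail.sender)}:
            findings.append("reply_to_domain_never_seen")
        return findings

def allowlist_check(mail: Email, known_vendors: set) -> bool:
    return mail.sender in known_vendors  # a reputation/allowlist filter: known vendor passes
# Constructed history: the vendor account has only ever sent routine invoice mail.
HISTORY = [Email("ap@vendor.example", "ap@vendor.example", "Invoice 1042", "Invoice 1042 attached."),
           Email("ap@vendor.example", "ap@vendor.example", "Invoice 1043", "Invoice 1043, net 30.")]
# Constructed message from the same, now compromised, account: new intent, new reply-to domain.
SUSPICIOUS = Email("ap@vendor.example", "ap@vendor-billing.example", "Updated banking details",
                   "Please send future payments to our updated bank account.")
def run() -> tuple:
    baseline = VendorBaseline()
    for mail in HISTORY:
        baseline.learn(mail)
    return allowlist_check(SUSPICIOUS, {"ap@vendor.example"}), baseline.behavior_findings(SUSPICIOUS)
```

`run()` returns `(True, [...])`: the allowlist passes the message because the sending address is genuinely the vendor's, while the baseline raises both behavioral findings.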

See for yourself how Abnormal AI provides comprehensive email protection against attacks that exploit human behavior. Schedule a demo today.
