Latest news with #DBIR


Forbes
29-04-2025
- Business
- Forbes
How Machine Learning Is Helping Prevent Data Breaches In Web Apps
Melkon Hovhannisyan is a tech entrepreneur and the CTO and cofounder of Direlli, providing outsourcing and outstaffing services.

As web applications become more sophisticated to meet our daily needs, such as shopping and communication, they also become more vulnerable to data breaches. In 2024, web applications were the target of nearly 50% of all data breaches, according to the Verizon Data Breach Investigations Report (DBIR). Cybercriminals see our increasing reliance on web applications as an opportunity to steal sensitive data for financial gain and other selfish motives.

Web application owners must invest in and integrate advanced technologies like machine learning into their security systems. The use of machine learning in security started gaining popularity in the 2010s, thanks to advancements in cloud computing and big data. Today, machine learning is integrated into several security tools, including popular ones like Splunk and Microsoft Sentinel. Let's discuss how machine learning is advancing web app security.

Machine learning-capable security systems use algorithms that learn from data to detect and respond to security threats instead of relying solely on predefined rules like traditional security solutions. Here are some of the key advantages of ML-driven security systems:

• Proactive Threat Detection: This allows security systems to identify emerging threats before they cause harm.
• Faster Response Time: ML-capable security systems automate incident detection and response, reducing reaction time and the impact of any potential damage.
• Reduced False Positives: ML-capable systems learn to differentiate between normal and suspicious activities, which reduces false positives.
• Scalability: Security systems that use machine learning can analyze vast amounts of security data in real time, making them ideal for modern web applications.
• Adaptability: ML-capable systems continuously learn and evolve to recognize new attack patterns, making it harder for attackers to trick them.

Modern security systems use ML algorithms to analyze user and system behavior to detect deviations from normal patterns. Changes in the behavior of the systems or users may indicate potential security threats such as unauthorized access, data exfiltration or DDoS attacks. Some common examples of behavior changes that these algorithms look out for include:

• Unusual login patterns, such as logging in from a new location
• Repeated incorrect password attempts
• Sudden increase in data transfers
• A user accessing sensitive files they don't usually open
• Running unusual command-line scripts
• A sudden surge in outbound traffic
• Abnormal interactions with APIs

Security systems that use machine learning can also identify and classify malware, including new and previously unseen versions of the malware. To detect previously unseen malware, ML models analyze system behaviors to detect unusual occurrences such as high CPU usage, unexpected network traffic, frequent crashes and more. In addition to detecting previously unseen malware, ML systems analyze malware behavior, code and execution to classify threats and suggest responses.

Phishing is typically the initial step in an attempt to breach data. Machine learning enhances the detection rates for phishing by analyzing email patterns, URLs and sender behavior to identify phishing attempts. ML-powered tools like Microsoft Defender for Office 365 are used to analyze email patterns, attachments and URLs to prevent phishing attacks.

One of the ways web app admins can minimize the damage of a data breach in case it happens is by responding as quickly as possible. Security orchestration, automation and response (SOAR) platforms use machine learning for faster and more efficient threat mitigation.
Modern SOAR platforms like Splunk Phantom use machine learning to:

• Isolate infected devices or block malicious IP addresses.
• Reduce response times by prioritizing critical threats.
• Lower false positives.

The effectiveness of ML models largely depends on the size and quality of the data set used to train them. Poor-quality or biased data can lead to inaccurate threat detection, making security systems unreliable. Popular security platform vendors such as Microsoft and Splunk generally have an advantage in this area because their tools have access to more data.

While ML automates many security processes, human oversight is still necessary. Over-reliance on automation can lead to overlooked security risks or incorrect responses to some threats that might go unseen or be misinterpreted by ML systems that are always learning. Machine learning-powered security systems should be used as a tool, not as a replacement for security teams for web apps.

Cybersecurity is usually a game of who is ahead (between attackers and the security teams). Attackers will always try and look for security loopholes in any system, including those that use machine learning. Today, attackers can manipulate some machine learning models by feeding them misleading data to evade detection.

It is common for ML models to generate false positives or false negatives. Too many false positives can overwhelm security teams, while false negatives can lead to undetected breaches. To minimize false positives and negatives:

• High-quality and regularly updated data should be used to train models.
• Optimize models with fine-tuning and ensemble methods.
• Implement adaptive learning with feedback loops.
• Balance detection sensitivity with accuracy.

Training and deploying machine learning-based security solutions requires significant computing power and expertise. Security platform vendors will always pass these costs on to the end users.
This makes modern security tools that utilize the latest and most powerful models a huge expense that small and medium-sized businesses may struggle to afford. AI and machine learning have gradually become a core part of several security tools over the last 15 years, with many platform vendors integrating these capabilities into their solutions. As web applications become more sophisticated and handle more sensitive user data, there has never been a better time for them to utilize these modern security tools. Despite the limitations discussed in this article, ML-powered security tools are still a much better option than traditional security solutions that rely on pre-configured rules.


Forbes
27-04-2025
- Business
- Forbes
The 5,365 Ransomware Attack Rampage — What You Need To Know
Verizon's DBIR report reveals ransomware rampage.

As cyberattacks of all flavors continue at an astonishing speed, the FBI issues a do-not-click warning and threat actors find worrying new ways to compromise your accounts, do not ignore the old guard. That's the takeaway from the latest Verizon data breach investigations report, which has revealed that the ransomware rampage is far from over.

Given that certain ransomware actors are getting a lot of virtual column inches courtesy of a $1 trillion ransom demand if victims don't respond with a DOGE-trolling bullet list of achievements for the week, you might be excused for thinking that the extortion business has become something of a joke. That, dear reader, would be a big mistake. How big? Well, just look at the numbers: according to the 2025 Verizon DBIR, ransomware attacks have risen by 37% since last year, and are now present in 44% of breaches. Despite the silliness of the DOGE Big Balls ransomware attackers, the median ransom amount paid has decreased from $150,000 to $115,000.

The numbers that concern me, and should you, are the ones relating to the presence of ransomware malware itself in data breach incidents. The Verizon DBIR report analyzed 22,000 incidents, of which 12,195 were confirmed data breaches. Some 44% of these, 5,365 to be precise, contained ransomware. That is a 37% jump and represents the extent to which the ransomware rampage is impacting businesses.

"The DBIR's findings underscore the importance of a multi-layered defense strategy," Chris Novak, vice president of global cybersecurity solutions at Verizon Business, said. "Businesses need to invest in robust security measures, including strong password policies, timely patching of vulnerabilities, and comprehensive security awareness training for employees."
The ransomware rampage is set to continue, according to Nick Tuasek, lead security automation architect at Swimlane, who warns that the 'popularization of Ransomware-as-a-Service on the dark web, sophisticated insider threat recruitment efforts by ransomware operators, and the continued rise of the cryptocurrency economy,' will drive this resurgence.

Tactics are changing as well, with some threat actors moving to the deletion of data as part of their normal operations, Brandon Williams, chief technology officer at Conversant Group, has warned. 'If this gains traction this year,' Williams said, 'organizations will not have a method to recover by simply paying a ransom and hoping to get a working decryption tool.' The only method of recovery will be backups, but as Williams said, backups do not typically survive these kinds of ransomware breaches. 'According to our own research,' Williams said, '93% of cyber events involve targeting of backup repositories, and 80% of data thought to be immutable does not survive.'

Regardless of the ransomware actor and the ransomware malware deployed, the foundational controls still matter. 'Knowing your total attack surface, testing your environment with an eye toward efficient remediation is key,' Trey Ford, chief information security officer at Bugcrowd, said. Enterprise controls, including visibility, hardening, and MFA for domain admin and remote access, are paramount. 'There is a strong correlational reason cyber insurance underwriters care about those key controls and coverage in the application process,' Ford concluded. If those controls are not adequate, cyber insurance underwriters might have to pay out.

Do not let the ransomware rampage swallow your data whole in the coming year; take heed of the warnings and act now to defend your enterprise.


Techday NZ
25-04-2025
- Business
- Techday NZ
Organisations increasingly refuse ransom demands, says DBIR report
The latest edition of the Verizon Data Breach Investigations Report (DBIR) has highlighted significant shifts in global cyberthreat trends, particularly surrounding the ongoing challenge of ransomware attacks. The report, published this week, provides a comprehensive analysis of notable incidents and tactics used by cybercriminals over the past year and offers insight into both the evolution of cyberattacks and changing defensive strategies in organisations globally.

One of the key findings in this year's report is a notable decline in the number of organisations paying ransoms following a ransomware attack. The DBIR indicates that ransomware was involved in 44% of data breach incidents, but 64% of affected organisations did not accede to ransom demands. This development suggests an increasing awareness of best practices among businesses and a potential shift in strategy by corporate leadership and IT teams in response to ransomware's perennial threat.

Andrew Costis, Engineering Manager of the Adversary Research Team at AttackIQ, reflected on these findings, stating, "It's encouraging to see a decline in ransomware payments. This could be partially due to greater awareness, plus various takedown operations by law enforcement and international efforts in recent years. The decline could also be a result of improved resilience, which may also be linked to improving business continuity planning and maturing responses to ransomware."

Despite the fall in ransom payments, Costis cautioned that the threat is far from abating, indicating that perpetrators are adapting their tactics and finding new targets. "Attacks are still continuing to evolve due to the rise in incidents. Attackers have adapted, and are targeting companies with limited security resources, which makes it imperative that SMB organisations receive the support that is required to fend off these attacks," he added.
Nick Tuasek, Lead Security Automation Architect at Swimlane, also weighed in on the report's findings, noting the ongoing transformation of ransomware operations. "Ransomware's rise in impact will continue to increase in the coming years with the popularisation of Ransomware as a Service (RaaS) on the dark web, sophisticated insider threat recruitment efforts by ransomware operators, and the continued rise of the cryptocurrency economy."

Tuasek echoed the sentiment that industry collaboration and consistent refusal to pay ransoms is vital to stemming the tide of attacks. "It's great news that fewer organisations are paying the ransoms. The only way to get ransomware to stop is to band together as an industry and make it no longer profitable by refusing to pay the ransoms," he said.

The DBIR also points to a disproportionate impact on smaller businesses, underscoring the vulnerabilities faced by organisations with fewer resources. Tuasek highlighted several reasons behind this vulnerability: "There are a few reasons why these organisations are more vulnerable to ransomware attacks, the first being lower general cybersecurity maturity. A robust cybersecurity programme or hiring an MSSP can be priced outside the reach of small organisations. Additionally, a lack of mature disaster recovery procedures or processes in smaller organisations is common, meaning these organisations may be more tempted to pay the ransom to regain access to their data and network quickly."

The report's findings add to ongoing discussions among policymakers, business leaders, and cybersecurity experts about the need for increased investment in security infrastructure, especially for smaller organisations. Many agree that further cooperation between private and public sectors, coupled with effective law enforcement action and technological innovation, will be critical in combating the continuing evolution of ransomware and broader cyberthreats facing enterprises worldwide.


Time of India
23-04-2025
- Business
- Time of India
APAC sees 38% on-year rise in data breaches due to system intrusions in 2024: Verizon Business
NEW DELHI: The Asia Pacific region recorded a 38% year-on-year rise in data breaches in 2024, resulting from system intrusions, according to the latest report released by Verizon Business on Wednesday. Collectively, 97% of APAC breaches were caused by just three tactics – system intrusion, social engineering, and basic web application attacks, highlighting the region's increasingly concentrated cyber threat landscape.

'In the Asia-Pacific region, external actors are targeting critical infrastructure and exploiting third-party vulnerabilities. The rising incidence of breaches highlights the imperative for businesses to reassess their risk frameworks,' said Robert Le Busque, regional vice president (Asia Pacific), Verizon Business.

As per the findings, malware in data breaches in APAC jumped significantly, from 58% in 2024 to 83% this year (till now), with email being the key vector for distributing various malware. This is followed by ransomware, which now accounts for 51% of the total breaches in the region, while social engineering now accounts for only 20% of the total breaches. The findings are based on an analysis of over 22,000 security incidents, including 12,195 confirmed data breaches spanning 139 countries, according to Verizon Business.

With the median ransom payment to cybercriminals last year being $115,000, this is a significant amount for many small and medium businesses (SMBs), as per the company. It added that a proactive and comprehensive cybersecurity strategy can help businesses safeguard their assets, protect their customers, and ensure their long-term success in an increasingly digital world.

'Glass-half-full types can celebrate the rise in the number of victim organisations that did not pay ransoms, with 64% not paying versus 50% two years ago.
The glass-half-empty personas will see in the DBIR (Data Breach Investigations Report) that organisations that don't have the proper IT and cybersecurity maturity, often the SMB sized organizations, are paying the price for their size with ransomware being present in 88% of breaches,' said Craig Robinson, research vice president (security services), IDC.


Associated Press
23-04-2025
- Business
- Associated Press
Verizon's 2025 Data Breach Investigations Report: System Intrusion Breaches Double in EMEA
LONDON, April 23, 2025 (GLOBE NEWSWIRE) -- Verizon Business today released its 2025 Data Breach Investigations Report (DBIR), revealing a dramatic surge in global data breaches, with EMEA experiencing a significant increase in system intrusion breaches. These breaches have skyrocketed, nearly doubling to 53% of breaches in the region in just one year.

The 2025 DBIR, which analysed over 22,000 security incidents, including 12,195 confirmed data breaches, found third-party involvement doubling to 30% in this year's report and a 34% surge in vulnerability exploitation globally.

In EMEA, nearly a third (29%) of breaches originated from within the organisation, a stark contrast to APAC, where only 1% of threats are from internal actors, and North America, where internal threats account for just 5% of breaches. Although EMEA experienced the highest percentage of breaches caused by internal actors, the number of insiders decreased by 41% in 2025. This decline was due to a faster increase in other types of breaches.

'The alarming rate of employee-driven breaches in EMEA underscores a critical need for businesses to strengthen their internal cybersecurity. Organisations must go beyond guarding against external threats and foster a culture of security awareness and accountability within,' said Sanjiv Gossain, Group Vice President and Head of EMEA of Verizon Business. 'The surge in system intrusions across EMEA is a clear warning to organisations to urgently fortify both external defenses and internal controls through comprehensive employee training, robust access controls, and zero-trust frameworks.'

Key EMEA Findings:

Key Global Findings:

'The DBIR's findings underscore the importance of a multi-layered defense strategy,' said Chris Novak, Vice President, Global Cybersecurity Solutions, Verizon Business.
'Businesses need to invest in robust security measures, including strong password policies, timely patching of vulnerabilities, and comprehensive security awareness training for employees.'

Sector Spotlight: Manufacturing Hit by Sixfold Surge in Espionage Attacks

The 2025 DBIR exposes alarming cybersecurity shifts targeting key industries worldwide. Manufacturing has experienced a dramatic, nearly sixfold surge in espionage-motivated breaches, jumping to 20% from just 3% last year. Healthcare similarly faces rising espionage threats, while Education and Financial industries also continue to battle persistent cybersecurity challenges. Retail organisations have weathered a 15% increase in cyber incidents since 2024, with attackers now pivoting away from payment card data toward easier targets such as customer credentials, business plans, and reports.

This year's findings serve as a critical warning for businesses globally—including those in EMEA—to take immediate, decisive action. Organisations must strengthen their cybersecurity defenses against these evolving threats to protect vital assets, maintain customer trust, and ensure sustainable success in today's digital landscape.

'This year's DBIR findings reflect a mixed bag of results. Glass-half-full types can celebrate the rise in the number of victim organisations that did not pay ransoms with 64% not paying vs 50% two years ago. The glass-half empty personas will see in the DBIR that organisations that don't have the proper IT and cybersecurity maturity – often the SMB sized organisations, are paying the price for their size with ransomware being present in 88% of breaches,' said Craig Robinson, Research Vice President, Security Services at IDC. 'While there is no magic pill to swallow that will alleviate the pain of cybersecurity attacks, Verizon's leadership in educating the public on the types of attacker motives, tactics and techniques is a key head start in raising global awareness and cyber readiness.'
About Verizon Business

Verizon Business is a global leader in providing communication and technology solutions to businesses of all sizes. With a comprehensive portfolio of services, including network, cloud, security, and collaboration solutions, Verizon Business helps organizations improve their operations, enhance their customer experiences, and drive innovation. Verizon Communications Inc. (NYSE, Nasdaq: VZ) powers and empowers how its millions of customers live, work and play, delivering on their demand for mobility, reliable network connectivity and security. Headquartered in New York City, serving countries worldwide and nearly all of the Fortune 500, Verizon generated revenues of $134.8 billion in 2024. Verizon's world-class team never stops innovating to meet customers where they are today and equip them for the needs of tomorrow.