
The Verizon DBIR 2024: 3 Key Takeaways for IAM Leaders

Author: Henrique Teixeira

Date: 07/09/2024

The vast majority of identity breaches continue to be linked to a human element and credential compromise. Third-party risk exploded last year. IAM leaders looking to protect their infrastructure against modern attacks should prioritize identity hygiene best practices by locking down privileged credentials, especially those of third parties, and enforcing a least-privilege corporate policy.

Findings from the 2024 Verizon DBIR:

  • Credential misuse continues to be the #1 vector of breaches at close to 40%. That’s more than double that of phishing and vulnerability exploits. That’s how bad guys are getting their foot in the door. Once attackers were inside, roughly one-third of all breaches involved ransomware or some other extortion technique.
  • The human element was a component of more than half of all breaches.
  • Besides the human element, third-party access (usually stemming from supply chain attacks) exploded, increasing 68% since last year.


Credential Misuse

It’s no surprise bad guys continue to target credentials. Vulnerability exploits grew a lot (MOVEit was a big reason for that), but even so they are not close to the credential misuse problem.

[Figure: Select ways-in enumerations in non-Error, non-Misuse breaches over time]

Recommendation 1: The IAM leader must get a seat at the table together with the CISO, and show this type of data in order to secure a budget for their identity initiatives. Yes, vulnerability management and phishing are a concern. Statistically, however, IAM is where they get the best bang for their cybersecurity buck.


The Human Element

The human element was a component of more than half of all breaches, at 68%. That’s more than double that of other elements like ransomware or extortion (32%), errors (28%), and third parties (15%).

Among all human elements, the Verizon report still shows external actors as the top catalyst for breaches at 65%. That means the attacker is external, targeting a credential. But there is a resurgence of internal actors at a whopping 35%, which almost doubled since last year. What is curious is that 73% of those internal actor breaches leveraged mundane, basic identity hygiene misconfigurations that could be very easily fixed.

[Figure: Threat actors in breaches over time]


Recommendation 2: I really like this statement made by Verizon in the report: “It’s much easier to harden a system than it is to harden an individual”. Gartner research has shown that security awareness training does not directly correlate to safer behavior. If processes are broken or hard to use, they will be bypassed by users looking for a more efficient way to get their job done. The recommendation to IAM leaders is to beef up the IAM systems to be more resilient against attacks. Fixing mundane and easy-to-fix problems, like removing orphan, dormant and out-of-compliance accounts, should be part of everyday identity hygiene. Adoption of MFA by all users should be paramount.


Third Party Risk Explosion

The third-party risk driven by supply chain attacks includes breaches like Solorigate and attacks like the one perpetrated by LAPSUS$ against Okta in 2022. These account for only 15% of all breaches, but the speed of growth is ramping up at a scary 68% year over year.

[Figure: Supply chain interconnection in breaches over time]


Recommendation 3: Verizon recommends “organizations start looking at ways of making better choices so as to not reward the weakest links in the chain. In a time where disclosure of breaches is becoming mandatory, we might finally have the tools and information to help measure the security effectiveness of our prospective partners.” I agree, and recommend that IAM leaders follow a structured approach to deal with their external providers. B2B IAM relationships are complex, and should be well defined by implementing secure delegated administration, identity verification (IDV) and continuous assessment of the risk of these supply chain provider identities. That is the most effective way to mitigate this type of attack.
