#181 - Inside the 2024 Verizon Data Breach Investigations Report

In this episode of CISO Tradecraft, host G Mark Hardy discusses the findings of the 2024 Verizon Data Breach Investigations Report (DBIR), covering over 10,000 breaches. Beginning with a brief history of the DBIR's inception in 2008, Hardy highlights the evolution of cyber threats, such as the significance of patching vulnerabilities and the predominance of hacking and malware. The report identifies the top methods bad actors use for exploiting companies, including attacking VPNs, desktop sharing software, web applications, conducting phishing, and stealing credentials, emphasizing the growing sophistication of attacks facilitated by technology like ChatGPT for phishing and deepfake tech for social engineering. The episode touches on various cybersecurity measures, the omnipresence of multi-factor authentication (MFA) as a necessity rather than a best practice, and the surge in denial-of-service (DDoS) attacks. Hardy also discusses generative AI's role in enhancing social engineering attacks and the potential impact of deepfake content on elections and corporate reputations. Listeners are encouraged to download the DBIR for a deeper dive into its findings. Transcripts: https://docs.google.com/document/d/1HYHukTHr6uL6khGncR_YUJVOhikedjSE  Chapters 00:00 Welcome to CISO Tradecraft 00:35 Celebrating Milestones and Offering Services 01:39 Diving into the Verizon Data Breach Investigations Report 04:22 Top Attack Methods: VPNs and Desktop Sharing Software Vulnerabilities 09:24 The Rise of Phishing and Credential Theft 19:43 Advanced Threats: Deepfakes and Generative AI 23:23 Closing Thoughts and Recommendations