With ransomware and data theft continuing to pose significant threats, the report underscores the importance of comprehensive security programs that include regular vulnerability assessments, prompt patching, employee training, and improved visibility into third-party connections. The comprehensive analysis, which examined over 22,000 security incidents including 12,195 confirmed data breaches, found that exploitation of vulnerabilities as an initial attack vector grew by an alarming 34%, now accounting for 20% of all breaches. The report emphasizes that organizations must implement comprehensive third-party risk management programs, including vendor security assessments, continuous monitoring, and zero-trust security models to mitigate these evolving threats. Verizon Business recently released its 2025 Data Breach Investigations Report (DBIR), revealing a disturbing trend in the cybersecurity landscape: third-party involvement in data breaches has doubled to 30% over the past year, creating unprecedented challenges for organizations worldwide. “The proliferation of third-party integrations in modern business environments has created an expanded attack surface that many organizations fail to properly secure or monitor,” explained Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon Business. With supply chain attacks continuing to rise, the traditional security perimeter has effectively dissolved, requiring a fundamental shift in how organizations approach cybersecurity strategy and implementation. Verizon analysts identified a concerning pattern wherein threat actors are leveraging credential abuse (22%) alongside vulnerability exploitation to create multi-stage attack chains that are increasingly difficult to detect and mitigate. The Verizon 2025 DBIR serves as a critical warning for organizations of all sizes to reevaluate their third-party security postures. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Despite increased awareness and security investments, small and medium-sized businesses (SMBs) remain disproportionately impacted, with ransomware present in 88% of breaches affecting these organizations. This tactical shift demonstrates attackers’ growing sophistication in identifying and leveraging security gaps before organizations can implement patches or mitigations. As threat actors continue to evolve their tactics, focusing increasingly on supply chain vulnerabilities, companies must adopt multi-layered defense strategies that address both technical vulnerabilities and human factors. With the median ransom payment reaching $115,000, these attacks pose an existential threat to many smaller enterprises lacking robust security infrastructure. This significant shift indicates cybercriminals are increasingly targeting supply chain vulnerabilities to compromise multiple victims through a single point of entry, maximizing their impact while minimizing their effort. A typical attack sequence involves initial scanning, vulnerability identification, exploitation, lateral movement, and data exfiltration. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 30 Apr 2025 06:35:05 +0000