Verizon’s 2024 Data Breach Investigation Report (DBIR) analyzed 30,458 real-world security incidents. A new high record of 10,626 incidents were confirmed as data breaches, in which hackers successfully obtained sensitive data (rather than just accessing a target system without accessing anything of value).
Roughly one-third of all breaches involved ransomware or other extortion techniques. According to the report, extortion attacks have risen over the past year and now consist of 9% of all breaches. As a result of these new techniques, ransomware has shifted to a decline of 23%. However, combined with today’s threats, Ransomware is a top threat across 92% of industries.
In 2024, a human element was a factor in 68% of the successful breaches, roughly the same as in 2023. This shows that while the specific threats may be changing, many things are staying the same – including the role that employees play in maintaining security. Even with the best intentions, it’s extremely easy for a simple mistake to create a vulnerability that hackers can take advantage of.
Other breaches involved third parties that included partner infrastructure being affected and direct or indirect software supply chain issues. In some cases, these breaches can be avoided by simply selecting vendors with better security track records. (An organization that has a third-party validation of their own security efforts – such as a SOC exam for a software company or a PCI Level 1 Service Provider attestation for a payments organization – can provide more peace of mind that appropriate security measures are in place to protect users’ data. Additionally, breaches due to errors are on the rise, now at 28%, proving errors are more prevalent than previously led to believe by media or traditional incident response-driven bias.
Phishing has become the overall most reported scam over the last few years. In 2023 20% of users reported phishing in simulation engagements. This study also revealed that the average time for users to fall for phishing emails is less than 60 seconds.
As always, these incidents were primarily financially motivated.
If You’re Interested in Improving Your Payment Security
Cyber threats can be confusing and certainly overwhelming. Whether you are a small business that is just getting started or a larger business that has been around for years, cybersecurity should be taken as seriously as a threat.
Strong security measures are your first line of defense against possible data breaches. By helping you take the guesswork and the burden out of protecting your customers’ credit card data, Curbstone is committed to helping our customers solve their most pressing challenges.
Using card tokenization, you can rest assured that sensitive payment data is not saved on your systems, where potential hackers could access it. By limiting the presence of card data on your systems and in your business processes, your environment touches cardholder data less frequently – thus potentially helping you qualify for a shorter PCI SAQ.
We have been in the payment processing industry for more than 20 years and have seen countless payment card security threats come and go. However, our focus on security has remained the same.
When you’re ready to improve your approach to payment security, reach out to us and let Curbstone help you get started.