Top Highlights
- Exploitation of software vulnerabilities has become the leading breach entry point, surpassing stolen credentials, and now accounts for 31% of incidents, highlighting a shift towards direct vulnerability exploitation.
- AI-assisted attacks are accelerating, reducing response times from months to hours, with threat actors using AI in up to 50 attack techniques, significantly increasing the threat landscape.
- Critical infrastructure sectors, especially manufacturing, face rising ransomware activity and third-party breaches, with only 26% of vulnerabilities being remediated promptly, risking operational downtime and supply chain disruptions.
- Mobile-focused social engineering attacks are more effective, with click-through rates 40% higher than traditional phishing, emphasizing increased risks on connected devices and external vendor ecosystems.
Underlying Problem
The Verizon 2026 Data Breach Investigations Report (DBIR) reveals a troubling rise in cyber threats targeting critical infrastructure and industrial sectors. This surge is primarily due to the increased exploitation of software vulnerabilities, which now surpass stolen credentials as the primary method for gaining unauthorized access—accounting for 31% of breaches. The report highlights that attackers are leveraging advancements in AI to accelerate their campaigns, with AI-assisted techniques used across multiple attack stages, drastically shrinking the windows organizations have to respond from months to mere hours. As a result, breaches involving ransomware and third-party vulnerabilities are on the rise, with cybercriminals increasingly targeting connected systems and supply chains—especially in manufacturing, utilities, and transportation—where human factors, such as social engineering and pretexting, also play a significant role. The report stresses that, despite the growing sophistication of attacks, fundamental security practices remain essential; however, the rapid weaponization of vulnerabilities via AI creates a capacity crisis for security teams, making it imperative for organizations to prioritize fundamental safeguards to bolster resilience against these evolving threats.
Furthermore, the report points out that breach incidents are concentrated heavily in North America and Asia-Pacific, driven by external actors and often involving malware, system intrusions, and social engineering efforts. Notably, ransomware continues to be a major threat, responsible for nearly half of all breaches, although fewer victims are paying ransom—leading to a decline in ransom amounts. The report also emphasizes that exploits of known vulnerabilities are increasingly common, yet remediation efforts lag, with only about a quarter of critical vulnerabilities being fully addressed within the recommended timeframes. For instance, a recent ransomware attack on Japan’s Asahi Group halted production and caused significant financial damages, underscoring the real-world impact of these breaches. Ultimately, the report underscores the urgency for organizations—especially in operational technology environments—to reinforce basic security measures, adapt to AI-driven attack techniques, and foster a proactive risk management culture to mitigate these escalating threats.
What’s at Stake?
The Verizon DBIR report reveals that cybercriminals now prefer exploiting vulnerabilities over using stolen credentials to breach critical infrastructure. This shift means that any business, regardless of size, faces a higher risk of attackers finding security gaps in software, networks, or devices. As a result, companies could experience devastating outages, data breaches, or financial loss, disrupting operations and damaging trust. Moreover, because vulnerabilities can be quickly exploited if left unpatched, there’s an urgent need for continuous security updates. Without proactive measures, your business becomes a prime target, and the consequences could be severe and far-reaching.
Possible Next Steps
In critical infrastructure, promptly addressing vulnerabilities is paramount to prevent malicious exploits, especially as recent findings indicate that attackers are increasingly bypassing stolen credentials to gain unauthorized access. Rapid remediation minimizes potential damage, reduces downtime, and helps maintain trust and operational integrity.
Vulnerability Management
Regularly identify, assess, and prioritize vulnerabilities through continuous scanning and inventory updates. Implement a structured patch management process to ensure timely deployment of security updates.
Access Controls
Enforce the principle of least privilege, restricting user permissions to only what is necessary. Implement multi-factor authentication (MFA) to add an extra layer of security beyond passwords.
Detection & Monitoring
Utilize security information and event management (SIEM) systems for continuous monitoring. Deploy intrusion detection/prevention systems (IDS/IPS) to identify suspicious activities rapidly.
Incident Response
Develop and regularly update an incident response plan tailored for breach scenarios. Conduct training and simulations to ensure swift, coordinated action when an incident occurs.
Employee Awareness
Provide ongoing cybersecurity training to educate staff about social engineering tactics, secure password practices, and recognizing suspicious activities, reducing the risk of credential compromise.
Vendor & Third-Party Security
Assess and enforce security standards for third-party vendors to prevent vulnerabilities originating outside your organization. Include security requirements in contracts and conduct regular audits.
Continue Your Cyber Journey
Stay informed on the latest Threat Intelligence and Cyberattacks.
Learn more about global cybersecurity standards through the NIST Cybersecurity Framework.
Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.
Cyberattacks-V1
