Verizon's #DBIR2025 is sounding the alarm on software supply chains.

Over on the blog, Larry's breaking down how Finite State arms you against the threats in the DBIR. Take a look 👉 https://finitestate.io/blog/dbir-2025-supply-chain-chaos

#CyberSecurity #SupplyChainSecurity #SBOM #IoTSecurity #DevSecOps

📈 Ransomware and vulnerability exploitation are surging — and attackers are moving faster, hitting harder, and targeting smaller victims more aggressively than ever.

Verizon’s 2025 Data Breach Investigations Report reveals sharp increases across multiple threat vectors:
- Ransomware was present in 44% of breaches (up 37% YoY)
- Exploited vulnerabilities surged 34%, nearly matching credential abuse
- Third-party involvement in breaches doubled, from 15% to 30%

Ransomware now disproportionately impacts small and mid-sized businesses:
- 88% of SMB breaches involved ransomware
- Compared to just 39% in larger organizations
- While ransom payments declined, attack frequency and speed continue to rise
- Median ransom payment dropped from $150K → $115K

Vulnerability exploitation is tightly linked:
- 20% of initial breach vectors came from unpatched vulnerabilities
- Edge devices and VPNs were hit hardest (Ivanti, Cisco, Fortinet, Palo Alto)
- Edge device exploitation grew 8x YoY
- Only 54% of known edge vulnerabilities were fully remediated — median patch time: 32 days

Espionage-motivated breaches also leaned heavily on vulnerabilities:
- In 70% of these cases, initial access came from unpatched flaws
- Ransomware operators and state-backed actors continue to exploit the same gaps

The bottom line: attackers aren’t changing tactics — they’re maximizing opportunity.

At @Efani, we believe these numbers paint a clear picture. SMBs, edge networks, and third-party dependencies are now prime targets. Ransomware may not always demand a payment, but it always demands attention.

#CyberSecurity #Ransomware #VulnerabilityManagement #DataBreach #SMBSecurity #DBIR2025 #ThirdPartyRisk #EfaniSecure