Diving Into the DBIR: Vulnerabilities, AI, and Supply Chain
Show notes
Hello to all our Cyber Pals!
Host Selena Larson is joined by guest host Sarah Sabotka as they chat with returning guest: Alex Pinto, Associate Director of Threat Intelligence at Verizon Business, and the architect behind the Verizon Data Breach Investigations Report.
Alex joins hosts Selena Larson and Sarah Sabatka to break down the most important findings from this year's report — and there's a lot to unpack.
From vulnerabilities overtaking credential abuse as the leading initial access vector, to the sobering reality that organizations are patching more but getting worse outcomes, this year's DBIR paints a complex picture of a threat landscape under pressure. The team also digs into the rise of pretexting and voice-based social engineering, what the data actually says about GenAI and threat actors (spoiler: mostly reinventing the wheel — for now), and why third-party and supply chain compromises are quietly becoming one of the biggest stories in security.
They discuss:
- The VERIS framework and why standardization in threat intelligence matters
- Ransomware taxonomy, data extortion, and why classification is still a headache
- Pretexting vs. phishing — and why they require completely different defenses
- Vulnerability exploitation as the new number one initial access vector
- Patching capacity and why outcomes are getting worse despite more effort
- What the DBIR data actually shows about GenAI usage by threat actors
- Third-party and supply chain breaches — up 60% year over year
- Shadow AI and the emerging DLP problem no one's fully ready for
- A sneak peek at Verizon's upcoming cost-of-a-data-breach report
The DBIR drops once a year — make sure you're getting the most out of it with this breakdown straight from the source, all 121 nutritious, fiber-rich pages of it.
Resources Mentioned:
For more information about Proofpoint, check out our website.
Subscribe & Follow:
Stay ahead of emerging threats, and subscribe! Happy hunting!