Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Verizon DBIR 2025: what changed for security and identity teams?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11631
Topic starter  

TL;DR: Verizon’s 2025 DBIR found third-party involvement in 30% of breaches, initial access through vulnerabilities at 20%, and a 72% employee GenAI usage pattern that often bypassed corporate authentication, according to Verizon. The findings show that breach resilience now depends on supply chain control, rapid exposure reduction, and tighter identity governance around sanctioned AI use.

NHIMG editorial — based on content published by ColorTokens: 2026: Bringing Cyber Resiliency to Organizations

By the numbers:

Questions worth separating out

Q: What breaks when third-party access is not reviewed continuously?

A: The break is that access stays active long after the business relationship, vendor task, or application purpose has changed.

Q: Why do exposed edge systems demand a different remediation model?

A: Because the attack window can be effectively zero once a critical flaw is public.

Q: How can organisations prove their AI controls are actually working?

A: Look for evidence that policy decisions are logged, sensitive prompts are being redacted or blocked when required, and approved AI interactions are traceable by identity and business context.

Practitioner guidance

  • Map third-party trust chains Inventory every external relationship that can authenticate, exchange data, or open support access into production.
  • Prioritise exposed edge systems Classify VPNs, gateways, and other internet-facing control points as high-urgency remediation assets.
  • Bring AI usage under enterprise identity Require corporate authentication for sanctioned GenAI services and block high-risk account creation patterns, especially personal email sign-ups on unmanaged platforms.

What's in the full article

ColorTokens' full post covers the operational detail this analysis intentionally leaves for the source:

  • The vendor’s full breakdown of the four DBIR findings and how each one affects breach readiness planning.
  • Specific examples of how microsegmentation and breach containment are positioned for edge and supply chain resilience.
  • The article’s full discussion of why reporting behaviour matters operationally, not just as an awareness metric.
  • ColorTokens’ own mitigation framing for organisations trying to reduce lateral movement when prevention fails.

👉 Read ColorTokens’ analysis of the four DBIR findings shaping breach readiness →

Verizon DBIR 2025: what changed for security and identity teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11186
 

Third-party exposure has become an identity problem, not just a supplier-risk problem. When 30% of breaches involve third parties, the practical issue is no longer whether a vendor is trusted, but whether delegated access, support pathways, and shared credentials are governed as part of the identity fabric. IAM, PAM, and NHI teams should treat external trust as an extension of their own control plane, because attackers do.

A question worth separating out:

Q: Who is accountable when AI-accelerated phishing leads to an identity breach?

A: Accountability should sit with the teams that own identity governance, privileged access, and incident containment, not only with security awareness programmes. AI makes phishing faster, but it is the organisation's access design that determines how far stolen credentials can go. If access is broad and durable, governance gaps become breach multipliers.

👉 Read our full editorial: Verizon DBIR 2025 signals a reset in breach and identity risk



   
ReplyQuote
Share: