In a recent report by the incident response giant Mandiant, which was purchased by Google in March, their researchers found that 2021 was a record year for the total number of 0-day vulnerabilities disclosed and exploited. According to their findings, their team identified some 80 0-days exploited in the wild. At the same time, Google Project Zero researchers reported the detection and disclosure of 58 0-days.

Verizon’s Data Breach Investigation Report for 2022 (DBIR) was recently released and it has some good news and it has some bad news when it comes to the risk of insider attacks. First the good news, sort of. According to the DBIR, the vast majority of breaches continue to come from external actors (80% vs 18% of insiders). Hopefully we can be a little less suspicious of Bob who sits two offices down from you. However when an insider attack happens, it can be really, really destructive.