British mathematician Clive Humby said that "Data is the new oil". If data is the new oil, then a data breach is the new oil spill. Just like an oil spill, data breaches can get messy, costly, and data can leak into places it shouldn't, causing long-term damage. Verizon's Data Breach Investigations Report (DBIR) gives an annual reality check on how much data has spilled each year.
With the advent of AI, the threat landscape is continuously changing. AI helps in building a stronger defense system, but at the same time, it helps attackers break into it. To combat AI-powered attacks, it is essential to know how attackers got in. The recently released 2025 Data Breach Investigations Report from Verizon sheds light on the prominent access vectors. Let's take a look at the different access vectors and ways to reduce their impact with a focus on strengthening endpoint security, which plays a crucial role in preventing breaches at their entry points.
Credential abuse
Credential abuse continues to be the top initial access vector. It is involved in 22% of all the breaches analyzed. On analyzing this situation, it was found that most of the compromised credentials failed to meet complexity requirements. Multi-factor authentication bypass techniques, such as prompt bombing and token theft, have become so prevalent that traditional MFA methods are less effective. Unmanaged devices and BYOD have also contributed to credential exposure; it was found that 46% of the compromised systems with corporate logins were unmanaged, indicating risks due to a lack of proper security controls.
Vulnerability exploitation
There has been a surge in the exploitation of vulnerabilities in the last few years. Over the past two years, vulnerability exploits have surged by 180%, and this year alone they have increased by 34%, accounting for 20% of the total breaches analyzed. There has also been an eight-fold increase in edge device vulnerabilities, and significant delays in remediation have created ample opportunity for attackers to exploit them.
This rapid increase in exploitation could be a result of integrating AI into attack tools. AI makes it easier to identify vulnerabilities, and exploit code can now be developed with AI assistance, making it easy for attackers to exploit unpatched vulnerabilities. With detection evasion and other attack delivery systems available as a service on the internet, exploiting vulnerabilities has become easier.
Phishing
The percentage of AI-assisted phishing emails has doubled over the last two years. These emails are harder to detect as fraudulent because attackers use polished, human-like language and personalized content that mimics legitimate communication, making the messages appear trustworthy and helping them bypass traditional security filters. Phishing also dominates social engineering tactics, and it accounts for 16% of all breaches analyzed.
Business email compromise (BEC), a more specifically targeted form of phishing in which attackers impersonate trusted individuals or organizations to trick employees into performing actions that result in financial loss or data breaches, has resulted in $6.3 billion in losses.
But is there any good news? Yes, some. All the security awareness did make a difference; there was a fourfold increase in users reporting phishing attempts, but this did not result in a decrease in the number of people clicking the phishing links.
Human threat
The human element is involved in 60% of breaches (excluding malicious insider incidents). Miscellaneous errors account for 12% of all breaches. These errors primarily involve misdelivery, misconfiguration, and publishing errors. Additionally, privilege misuse accounts for 6% of breaches; it involves employees and system administrators exploiting their privileges to misuse data.
Now, we have an idea of how the attacker gets in, but knowing this isn't enough. Implementing the right security measures is essential. Given these attack trends, every organization requires a strong defense system.
Mitigation strategies
With attackers using more advanced deceptive techniques, identifying the threat is just the first step. Let's see how organizations can strengthen their defenses.
Passwordless authentication
Traditional passwords are easy to use, and at the same time, easy to exploit. While strong password policies help, credentials can still be stolen. That is why organizations have to adopt passwordless authentication methods like Windows Hello, which eliminate the risks associated with traditional passwords.
But authentication alone isn’t enough. To truly contain the impact of a breach, it is essential to limit what users can do once they’re inside. This is where endpoint privilege management (EPM) becomes essential. Many attacks succeed not just because credentials were stolen, but because those credentials granted excessive access. EPM enforces least privilege, ensuring no user has unnecessary privileges or admin access, thereby reducing the impact of a breach.
Vulnerability assessment and remediation
Regularly scanning your systems to identify weaknesses helps you stay ahead of emerging threats. However, many breaches do not happen because vulnerabilities are unknown. They happen because known issues remain unpatched for too long. The challenge lies in the volume. Most organizations are overwhelmed by the number of vulnerabilities they uncover, and patching every single one at once is simply not practical.
This is where prioritization matters. Not all vulnerabilities carry the same level of risk. Some are actively exploited or exposed on the internet. It is essential that these high-risk vulnerabilities are patched as soon as possible.
Automating the patching process is just as important. It helps ensure that updates are applied quickly and consistently across all endpoints, reducing delays.
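The prioritization and remediation steps above can be expressed as a small risk-ranking routine. The following is an added example, not code from Verizon, the DBIR, or ManageEngine: it ranks a constructed vulnerability inventory by exposure and known exploitation rather than by severity alone, assigns a remediation deadline to each finding, and groups hosts into patch waves that an automated patching job could consume. The `Finding` fields, the weights, the SLA thresholds, the vulnerability identifiers (placeholders, not real CVE numbers) and the sample hosts are all assumptions made for this example.

```python
"""Risk-based patch prioritization over a constructed vulnerability inventory (added example)."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str            # placeholder identifiers below, not real CVE numbers
    cvss: float             # base severity, 0-10
    known_exploited: bool   # listed in an exploited-vulnerabilities catalogue or seen in the wild
    internet_exposed: bool  # reachable from the internet
    edge_device: bool       # firewall, VPN gateway, etc.
    discovered: date        # date the scanner first reported it


def risk_score(f: Finding) -> float:
    """Severity is the baseline; active exploitation and exposure dominate the ranking."""
    score = f.cvss
    if f.known_exploited:
        score += 10
    if f.internet_exposed:
        score += 5
    if f.edge_device:
        score += 3
    return score


def sla_days(f: Finding) -> int:
    """Remediation deadline in days (assumed policy), tightest for exploited and exposed findings."""
    if f.known_exploited and f.internet_exposed:
        return 3
    if f.known_exploited or f.internet_exposed:
        return 7
    if f.cvss >= 9.0:
        return 14
    if f.cvss >= 7.0:
        return 30
    return 90


def prioritize(findings):
    """Highest risk first; ties broken by age so older findings do not starve."""
    return sorted(findings, key=lambda f: (-risk_score(f), f.discovered))


def overdue(findings, today: date):
    """Findings whose remediation SLA has already lapsed."""
    return [f for f in findings if (today - f.discovered).days > sla_days(f)]


def patch_waves(findings, today: date):
    """Group hosts into waves an automated patch job can run, in priority order."""
    waves = {"immediate": [], "this_week": [], "scheduled": []}
    for f in prioritize(findings):
        remaining = sla_days(f) - (today - f.discovered).days
        if remaining < 0:
            waves["immediate"].append(f.host)
        elif remaining <= 7:
            waves["this_week"].append(f.host)
        else:
            waves["scheduled"].append(f.host)
    return waves


# Constructed sample data: hosts, identifiers and dates are made up for this example.
TODAY = date(2025, 5, 20)
SAMPLE = [
    Finding("edge-fw-01", "VULN-PLACEHOLDER-1", 7.5, True, True, True, date(2025, 5, 1)),
    Finding("db-02", "VULN-PLACEHOLDER-2", 9.8, False, False, False, date(2025, 5, 10)),
    Finding("laptop-17", "VULN-PLACEHOLDER-3", 5.3, False, False, False, date(2025, 3, 1)),
    Finding("web-03", "VULN-PLACEHOLDER-4", 8.1, False, True, False, date(2025, 5, 12)),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{f.host:10} {f.vuln_id:20} risk={risk_score(f):5.1f} sla={sla_days(f):2d}d")
    print("overdue:", [f.host for f in overdue(SAMPLE, TODAY)])
    print("waves:", patch_waves(SAMPLE, TODAY))
```

Note that the CVSS 9.8 finding on `db-02` ranks below the CVSS 8.1 finding on the internet-facing `web-03`, and both rank below the lower-severity but actively exploited edge firewall; that inversion is the point of risk-based prioritization, and the `immediate` wave is what a patch automation job should pick up first.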
Phishing filter
With the advent of AI, phishing has evolved into a powerful tool for attackers; at the same time, it has also driven innovation on the defense side. Organizations now have a multi-layered defense system to fight back against attackers.
User awareness to spot suspicious emails is the first step. The later stages include browser-integrated phishing filters, email security gateways, and ML-based detection systems that can analyze behavior and the sender's reputation in real time. Built-in browser filters warn users when they are about to visit a malicious website. Together, these tools reduce the chance of errors leading to compromise.
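To make the layered detection concrete, here is an added example (not code from the DBIR, Verizon or ManageEngine) that runs a few gateway-style heuristics over two constructed email messages: sender-domain reputation, look-alike domains one edit away from the organization's own domain, a Reply-To that diverges from the sender, a display name that borrows a trusted brand, SPF/DMARC results, urgency wording, and the hosts of embedded links. The trusted domain `example.com`, the denylisted domain `malicious.test`, the weights and the block/warn thresholds are all assumptions for this example; a production filter would replace the denylist with real threat intelligence and reputation lookups.

```python
"""Layered phishing heuristics over constructed sample messages (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr
from typing import Optional

# Assumed values: the organization's own domain and a tiny stand-in for a threat-intel denylist.
TRUSTED_DOMAINS = {"example.com"}
KNOWN_BAD_DOMAINS = {"malicious.test"}

URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|account (will be )?suspended)\b", re.I)
URL_HOST = re.compile(r"https?://([^/\s]+)", re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to spot look-alike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_risk(domain: str) -> tuple:
    """Score a domain: denylisted, one edit away from a trusted domain, or clean."""
    domain = domain.lower()
    if domain in KNOWN_BAD_DOMAINS:
        return 5, f"{domain} is on the denylist"
    if any(domain != t and edit_distance(domain, t) <= 1 for t in TRUSTED_DOMAINS):
        return 4, f"{domain} looks like a trusted domain"
    return 0, None


def score_message(raw: str) -> tuple:
    """Combine sender, Reply-To, display-name, authentication, wording and URL signals."""
    msg = message_from_string(raw)
    score, reasons = 0, []

    def add(points: int, reason: Optional[str]) -> None:
        nonlocal score
        if points:
            score += points
            reasons.append(reason)

    display, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    add(*domain_risk(sender_domain))

    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to:
        reply_domain = reply_to.rpartition("@")[2].lower()
        if reply_domain != sender_domain:
            add(2, "Reply-To domain differs from sender domain")
        add(*domain_risk(reply_domain))

    # Display name borrows a trusted brand while the address is not on a trusted domain.
    brands = {t.split(".")[0] for t in TRUSTED_DOMAINS}
    if sender_domain not in TRUSTED_DOMAINS and any(b in display.lower() for b in brands):
        add(3, "display name impersonates a trusted brand")

    # Authentication-Results is only trustworthy when stamped by your own gateway.
    auth = msg.get("Authentication-Results", "").lower()
    if "spf=fail" in auth or "dmarc=fail" in auth:
        add(3, "SPF or DMARC failed")

    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    if URGENCY.search(text):
        add(2, "urgency or account-suspension wording")
    for host in URL_HOST.findall(text):
        add(*domain_risk(host))

    return score, reasons


def verdict(score: int) -> str:
    """Assumed thresholds: block outright, warn the user in the client, or deliver."""
    return "block" if score >= 7 else "warn" if score >= 3 else "deliver"


# Constructed sample messages (no real senders, hosts or URLs).
PHISH = (
    "From: Example IT Support <it-support@examp1e.com>\n"
    "Reply-To: helpdesk@malicious.test\n"
    "To: alice@example.com\n"
    "Subject: Urgent: password expires today\n"
    "Authentication-Results: mx.example.com; spf=fail; dmarc=fail\n"
    "\n"
    "Your account will be suspended within 24 hours. Reset now: https://examp1e.com/reset\n"
)
LEGIT = (
    "From: Bob <bob@example.com>\n"
    "To: alice@example.com\n"
    "Subject: Lunch on Thursday?\n"
    "Authentication-Results: mx.example.com; spf=pass; dmarc=pass\n"
    "\n"
    "Are you free Thursday? Agenda: https://intranet.example.com/agenda\n"
)

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        s, why = score_message(raw)
        print(name, s, verdict(s), why)
```

Each signal on its own is weak (plenty of legitimate mail is urgent, and a differing Reply-To is common for mailing lists), which is why the score only blocks when several independent layers agree; the `reasons` list is what an analyst or the user-facing warning should surface, so that a "warn" verdict teaches the recipient what to look for rather than just hiding the message.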
Following these strategies, around 60% of the vectors can be effectively mitigated.
Bridging the gap between strategy and execution
While these best practices are effective, managing them manually can be complex. That’s where the right endpoint management solution makes a difference. With ManageEngine Endpoint Central, you get integrated tools for patch management, least privilege enforcement, and browser protection. Start your 30-day free trial of ManageEngine Endpoint Central.