#CSAM The Verizon 2022 Data Breach Investigations Report – Key Takeaways
Table Of Contents:
The four critical takeaways highlighted by Verizon in their 2022 Data Breach Investigations Report centre around the pathways by which cyber criminals will attempt to access an organisation’s systems, network and critical data; the report identifies these as:
- Credentials
- Phishing
- Exploiting vulnerabilities
- Botnets
According to the authors, all four are consistent throughout the report and “no organisation is safe without a plan to handle each of them”.
Why Should Organisations Care About The Data Breach Investigations Report
The DBIR report is based on data from actual real-world data breaches and security incidents investigated by the Verizon Threat Research Advisory Centre (VTRAC) or provided by their 87 global contributors. This year’s report examined 23,896 incidents, and 5,212 confirmed security breaches.
Therefore, the insight this data provides sets the scene for the security threats your organisation is likely to face today, how the threat landscape is changing and the critical focus areas to achieve effective information, data and privacy management.
What Are the Main Attack Types Compromising Organisations in 2022
Ransomware
Ransomware attacks are a type of malicious software designed to block access to a computer system until a sum of money is paid. In 2022 25% of breaches came from ransomware, “a 13% year-on-year increase and a rise as big as the past five years combined”. Looking at the pathways for these ransomware attacks, 40% involve stolen credentials via desktop sharing software and 35% use email compromise; therefore, blocking the four critical pathways by which cyber criminals gain access to a network is essential to protect an organisation from this attack vector.
Supply Chain
The SolarWinds incident in 2021 illustrated how one fundamental supply chain breach could lead to pervasive and significant issues for an organisation’s security. Unsurprisingly, supply chain was involved in 61% of incidents this year. Compromising a supplier is potentially hugely lucrative for threat actors, both financially and nation-state attackers, who may look to compromise parts of systems to sit on the data and information it provides without leveraging a financial component.
The Human Element
To err is human, and indeed human error continues to be exploited by attackers looking to breach a network and exploit the spoils. In the last year, 14% of breaches were because of human error. This finding is heavily influenced by misconfigured cloud storage.
Poor security practices also continue to drive breaches. This year, 82% of breaches involved stolen credentials, phishing attacks, misuse or simply an error; people continue to play a considerable role in incidents and breaches.
Data Breach Patterns, Where You Are Influences The Attack Methods Used
This year’s report also identified the geographic differences between attack methods and breach types. This could be helpful insight for organisations deciding where best to place resources to defend against the most common security risk areas.
According to the report, APAC experiences many social media and hacking-related attacks but has a much lower number of ransomware cases than other areas. These attacks are driven primarily by financial motives (54%), but espionage comes a very close second (46%).
The EMEA region sees highly financially motivated attacks, with 79% of attackers looking to monetise their activities. The most popular attack vector, social engineering, illustrates the need for controls to detect this type of attack quickly. Credential theft remains a significant problem, with basic web application attacks seemingly pervasive in the EMEA region.
Comparatively, North America sees almost 96% of cyber attacks being financially motivated; attackers know the value of data and brand reputation for organisations, therefore, how lucrative a breach can be. The last year has seen system and network intrusion surpass social engineering attacks as the dominant attack pattern. However, there also remains a significant problem with social actions such as phishing and business email compromise, which organisations should not ignore when it comes to their security measures and policies.
How Can Organisations Defend Against Data Breaches
Armed with the knowledge of the most successful data breach attack pathways and attack methods, how can organisations protect themselves? The report recommends four key areas of focus:
- Data Protection – Appropriate processes and technical controls to identify, classify and securely handle organisational data in all its forms are essential. Tools such as information management systems or frameworks can help organisations to prevent accidentally exposing their data through email, misconfigurations, and poor security behaviours.
- Secure Configuration – Where possible, organisations should focus on secure engineering solutions from the outset instead of tacking them on later. This approach offers substantial benefits in reducing error-based breaches such as misconfiguration.
- Access Management – Effective management of the rights and privileges of users and the use of controls such as multi-factor authentication can be a critical defence against the use of stolen credentials and unauthorised access.
- Security Awareness Training Program – A classic and one that hopefully does not require a great deal of explanation. With human error and social engineering two of the most significant attack vectors being leveraged in the last 12 months, ensuring your people have the training, systems and knowledge to detect and respond to cyber threats means organisations can more meaningfully defend themselves.
To read the entire 2022 Data Breach Investigations Report, visit: www.verizon.com
We’ve also created a handy infographic summarising the key takeaways which you can download and take away.
