2022 Verizon Data Breach Investigations Report, Cyber Security Experts’ Reactions

The 2022 Verizon Data Breach Investigations Report has been released, and the study provides an analysis of security breaches and attack vectors from the last year.

https://www.verizon.com/business/resources/reports/2022/dbir/2022-dbir-data-breach-investigations-report.pdf

Here are the key findings:

  • This year Ransomware has continued its upward trend with an almost 13% increase–a rise as big as the last five years combined (for a total of 25% this year).
  • 2021 illustrated how one key supply chain breach can lead to wide-ranging consequences. Supply chain was responsible for 62% of System Intrusion incidents this year. Unlike a Financially motivated actor, Nation-state threat actors may skip the breach and keep the access.
  • Error continues to be a dominant trend and is responsible for 13% of breaches. This finding is heavily influenced by misconfigured cloud storage. While this is the second year in a row that we have seen a slight leveling out for this pattern, the fallibility of employees should not be discounted.
  • The human element continues to drive breaches. This year 82% of breaches involved the human element. Whether it is the Use of stolen credentials, Phishing, Misuse, or simply an Error, people continue to play a very large role in incidents and breaches alike.
Mark Lamb, CEO
InfoSec Expert
May 25, 2022 11:24 am

The stats from Verizon’s latest DBIR are not massively surprising. I think most people would agree we are seeing a huge rise in ransomware, and that phishing, stolen credentials, misconfigurations and insiders remain the primary cause of breaches.

I think the most important lesson for businesses to take away from the study is that prioritising defences against these attacks is essential, because clearly none of them are going away anytime soon. In fact, they are all likely to get worse.

Of course, practising good cyber hygiene and employing robust security tools are essential defences, but one of the biggest challenges that often leaves businesses weakest is they don’t fully understand their actual cybersecurity posture. They deploy security tools and carry out training, but they don’t have an easy and accessible way to understand how they are helping reduce their risk, or if weaknesses still exist within their infrastructure that could be exploited maliciously.

As a result, this is a key issue businesses need to address today. To fully defend against attacks and be confident in their security programs, they need to have a clear understanding of how their security and teams are responding to threats, or if there are unforeseen weaknesses that could actually be putting them at harm.

Mike Newman, CEO
InfoSec Expert
May 25, 2022 1:55 pm

The Verizon DBIR provides further evidence around the dangers credentials present to organisations. Not only are they the root cause of most data breaches, but they are also a top target for cybercriminals to steal when carrying out attacks. The reasons for this are simple. When attackers have credentials, they have access, and with that access they can monetise.

When it comes to combating the threat, enforcing better password practices and running training on phishing and cybercrime are all valid methods, but they very rarely remove the problem entirely. Some employees will still use weak passwords, while others will continue to recycle the same password they have been using for years. The bad news is it only takes one set of valid credentials to breach an organisation.

Eliminating potential attack vectors through passwordless security and removing passwords from the hands of users where they are still required is a great way to combat this risk. This means credentials can’t be stolen, leaked or socially engineered out of victims, which offers immense security benefits to all businesses, while reducing their vulnerability to data breaches and ransomware.

Rajiv Pimplaskar
InfoSec Expert
May 25, 2022 2:01 pm

Supply chain becoming the #1 attack vector is evidence of the cyber industry’s overreliance on single point vendor products to protect the enterprise. In practice, stacking multiple products not only adds cost and complexity but also gives rise to supply chain vulnerability that Verizon DBIR has correlated to 62% of system intrusions this year. While richness of features is always appealing, what is even more crucial for most mid-market customers is a simplified approach encompassing both network and endpoint security. Such a solution can consolidate zero trust, cloud access and firewall rules with converged network security such as SD-WAN and VPN eliminating the need for multiple solutions thereby drastically cutting supply chain vulnerabilities in the first place.

John Gunn, CEO
InfoSec Expert
May 25, 2022 2:06 pm

The most important research by and for the cybersecurity industry is out and it feels like the movie Groundhog Day where we are waking up to the same results year after year since the first report in 2008. Compromised user credentials and the “human element” are still the direct cause of ~80% of breaches. We can collectively wake up from this problem by implementing more secure authentication and going passwordless – biometric and wearable authentication is more secure and more convenient and would almost instantly mitigate a massive amount of cybersecurity vulnerability.

Jake Williams, Executive Director of Cyber Threat Intelligence
InfoSec Expert
May 25, 2022 2:18 pm

The DBIR showed that threat actors continue to gain access to networks using a relatively small number of high-level techniques. Once in a network however, threat actors most often reuse the same set of post-exploitation procedures to perform system reconnaissance, privilege escalation, and lateral movement in the target environment. While organizations can’t realistically expect to keep all threat actors out of their networks, through CTI-led adversary emulation and detection engineering, they can ensure that threat actors are detected as early in the intrusion as possible. When threat actors gain a foothold in their network, organizations should be able to ensure it never expands beyond that.

Ben Jones, CEO and Co-founder
InfoSec Expert
May 25, 2022 2:38 pm

The continuing rise in ransomware attacks is the headline that many will take from the Verizon 2022 DBIR report today but the company itself has rightly put the emphasis on the four ‘key paths’ into organisations’ networks: credentials, phishing, exploiting vulnerabilities and botnets. Defending against these has become especially important as cybercrime has professionalised, with cybercriminals selling these access points online for others to exploit. These ‘access brokers’ monetise the foothold they have within organisations, without having to take any of the risk themselves. At the same time, they make defence much harder for organisations by potentially sharing a vulnerability in their network or supply chain with multiple adversaries.

One way organisations can look to combat the cyber criminals that are selling access to their systems and facilitating attacks is to find them where they operate: on the deep and dark web. By monitoring marketplaces and forums for company credentials and vulnerabilities – or those of organisations in their supply chain – businesses can identify when and where they are at risk of attack. They can also monitor potential phishing sites or dark web traffic going to their organization, which may indicate insider threat. Identifying the early warning signs of when your organisation is at risk will ultimately be more effective at stopping attacks like a ransomware attack than waiting for when the criminals have already gained or bought access to your systems.
