Key findings from Verizon’s 2022 Data Breach Investigations Report

Today, Verizon released the 2022 Data Breach Investigations Report (DBIR), analyzing more than 5,212 breaches and 23,896 security incidents. 

The annual report — which is now 15 years in the running — highlighted that attackers have four key paths to enterprise estates; credentials, phishing, exploiting vulnerabilities and malicious botnets. 

Hackers can use any of these entry points to gain access to a protected network and launch an assault. Generally, they’ll do this by exploiting the human element (including errors, misuse and social engineering), which accounted for 82% of intrusions this year. 

More specifically, the research also shows that 50% of breaches revolve around remote access and web applications, while 25% were contributed to by social engineering and credential reuse was involved in 45% of breaches. 

The new threat landscape: ‘breaches beget breaches’ 

Another important revelation from the report is that supply chain incidents are providing threat actors with the materials they need to access downstream enterprise’s systems. The report explains that this is why 97% of firms have reported being negatively impacted by a supply chain security breach in the past. 

Verizon’s DBIR suggests that threat actors use supply chain breaches because they act as a force multiplier — enabling them to breach upstream organizations and service providers before using the access and information they’ve gained to break into the systems of downstream organizations.  

Or as Gabriel Bassett, a senior information security data scientist on Verizon’s Security Research Team, describes it, “Breaches beget breaches. Breaches at a partner can lead to your own breach, as with supply chain breaches. Access paths can be acquired by threat actors and sold on criminal marketplaces.”

Bassett explained that most of the time, hackers exploit the human element to gain initial access, through the use of phishing scams or credential theft and reuse. 

“After purchasing the access, the new attacker monetizes it with another breach, often with ransomware which increased 13% in breaches this year, more than the last 5 years combined,” Bassett said. 

Reflecting on the DBIR: best practices for enterprises 

While mitigating the human element can be challenging for organizations, Bassett said utilizing some core tools that enterprises have at their disposal will help secure the four access paths to their estates. Taking simple steps like deploying two-factor authentication and providing users with password managers to avoid reusing credentials can reduce the likelihood of attackers being able to exploit poor passwords to gain access to internal systems. 

Likewise, organizations can mitigate phishing by implementing strong mail filters and developing clear phishing reporting processes. This way, security teams are ready to act whenever users report a suspicious email, while using antivirus tools to stave off botnet threats and prevent malicious software from infecting endpoints. 

As for vulnerability management, Bassett recommended organizations develop a repeatable asset management process by installing vendor patches when possible and not attempting to patch a new issue every time it arrives. 

Above all, the key to successful defense is efficiency, according to Bassett.

“An important point for organizations is that attackers have repeatable processes for all of these methods of access. The attackers are efficient in these attacks, so we have to be efficient in our defenses,” he said.