Yay! Another Cyber Report Has Been Released!
Yeah… Right. I could feel the enthusiasm through the screen as you read that. Honestly though, there’s nothing to fret about!
Welcome back to another article of Hacker Hub’s collection! As always, I hope everyone is doing well and taking care of themselves.
Today, we’ll be breaking down a few parts of the 2022 Data Breach Investigation Report (curated by Verizon w/ the help, collaboration, and data share of many major organizations).
All information below can be found at the following link: 2022 Data Breach Investigation Report
Now, right off the bat, this document is 108 pages long… That’s quite hefty. There’s literally no need for you to read the entire thing unless you want all of the explanations you could ever ask for.
So, with that being said, here’s our breakdown of Data Breaches for 2022:
For the year of 2022, Credentials and Phishing were the leading factors in organization compromise. These are the 4 major areas (Credential Misuse, Phishing, Exploit Vulnerabilities, and Botnets) that companies should always have a game plan for, regardless of what cybersecurity stance they have.
Ransomware has continually increased in popularity as a tool for extortion and for controlling access to an organization. With a massive rise of 25% from years past (combined), this is easily the most growth we’ve seen in this area.
As mentioned in the picture above: if your company is focused on controlling the 4 major areas (Credential Misuse, Phishing, Exploit Vulnerabilities, and Botnets), then you’d be controlling the most common ways ransomware finds its way into your infrastructure.
As seen in the charts above, from 2017 to 2021, system configurations were a huge issue for 2019. Since then, it’s been really nice to see that industry professionals are getting a grip on their systems and how they’re configured.
82% of breaches involved humans in one way or another, whether it involved the stealing of credentials or socially engineering the person to take a certain action.
I find these sections of the report interesting - seeing the trends from 2008 to 2021 is quite interesting and honestly can say lots about the industry as a whole. In 2008, 73% of attacks that occurred were “External”, 39% were “Partner”, and 18% were “Internal”.
In 2021, 80%-ish of attacks were “External”, 20% of attacks were “Internal”, and then there were a couple that are minuscule, such as “Multiple” and “Partner” (which didn’t occur often).
As we continue to delve further into this, it’s important to remember that with all of the stats we see, not all breaches have been reported or disclosed. Many times, when a breach is taking place (or already took place), security vendors and law enforcement like to keep things on the down-low before going public.
This is primarily due to the fact that organizations who are experiencing this tend to have a remediation plan in place or at least be in the process of remediating before disclosing.
In 2008, on average, 375,000 records from organizations were compromised per breach. In 2021, on average, 80,000 records were compromised per breach.
Going from 375,000 to 80,000 is a massive change, but since it has been several years, new technology and policies are most likely the reason behind this. Regardless of the reason, we are very happy to see it.
All attackers have different motives (excuse my black marker skills… I just wanted to show the important stuff on this page). Seemingly, not a whole lot has changed from 2008 to 2021 in the #1 motive behind attacks. Financial advancement and personal gain are some pretty big motivators that help to encourage these malicious activities.
I mean, the biggest takeaway from this chart (in my opinion) is that larger organizations are being targeted more for financial reasons than they were in 2008.
I thought this might be cool to drop in here… Just a few things that these attackers have to go through to scale their attacks in a meaningful way. These are the loopholes that they jump through to make their “businesses” grow.
Of all the industries covered in the DBIR, two stuck out as the hardest hit: the Professional industry and the Finance industry.
That being said, they each had their fair share of attacks, breaches, and motivators… However, those did not change much from years past.
Professional Industry
The professional industry had 3,566 incidents this year with 681 of those resulting in breaches (confirmed data disclosure). System Intrusion, Basic Web Application Attacks and Social Engineering represent 89% of breaches. The top threat actor origin was External (84%). Threat actor motives: Financial (90%) and Espionage (10%). Things that threat actors compromised: Credentials (56%), Personal Gain (48%), Other (26%), and Internal (14%).
Financial Industry
The financial industry had 2,527 incidents this year with 690 of those resulting in breaches (confirmed data disclosure). Basic Web Application Attacks, System Intrusion, and Misc. error represent 79% of breaches. The top threat actor origin was External (73%). Threat actor motives: Financial (95%) and Espionage (5%). Things that threat actors compromised: Personal Gain (71%), Credentials (40%), Other (27%), and Bank (22%).
In summary, these are just a few interesting key takeaways that I was able to snag from the report. By no means is this a fully comprehensive breakdown of the entire report. While I was reading, I was looking for any unique trends and took note of them. For example, the Professional industry had more incidents than the Financial industry, but had fewer breaches of data than the Financial industry.
If you’d like to learn more or read the report for yourself, go check it out here! It’s definitely worth your time (also, the author makes it quite the interesting read too).
Happy Friday and have a safe weekend!
Cheers,
-William