The top three learnings from the 2022 Verizon Data Breach Incident Report and what businesses can do about them

The data displayed in the new Verizon Data Breach Incident Report (DBIR) offers critical insight into the current state of cybersecurity

After a year of data breaches and cyberattacks consistently dominating headlines, this year’s report closely examines what adversaries are looking for when infiltrating businesses and organisations worldwide. 

The report confirms much of what we already know: that cyberthreats are on the rise in EMEA, and that we must work together to improve our security posture. However, effectively tackling threats often remains difficult for organisations of all sizes. Below is a summary of some of the most prominent themes, and ways companies can prepare themselves to combat them.

Ransomware is booming 

Ransomware, to nobody’s surprise, has increased in frequency by 13% over the previous year, with almost 70% of malware breaches involving some form of it, according to the DBIR. The dramatic increase in ransomware attacks makes sense, as hackers need only to encrypt their target’s data, rather than seek out specific financial information or credentials within their environment. This makes it a quick route to a potentially easy payout. 

The report also found that 40% of ransomware incidents last year involved the use of desktop sharing software. For example, cybercriminals used this tactic when exploiting vulnerabilities in Microsoft RDP, through weak or stolen user credentials. On the other hand, 35% of ransomware incidents involved the use of email, leading researchers to recommend that organisations lock down their remote desktop protocol and ensure their emails are scanned for potential phishing attempts. How we are still suffering, in 2022, from attacks over such a well-known vector as email is surely one of the biggest questions to come out of this year’s report. These are fundamentals businesses need to focus on if they are to reduce threats.

What’s the route into your company?  

The most common action adversaries took to disrupt their target’s IT ecosystem throughout EMEA was using stolen credentials. This was the case in over 60% of all breaches in the region over the last year. A close second was phishing attempts, which are primarily being targeted at financial teams due to their easy access to money. It was also found that hackers mostly want money, with financial gain serving as the motive in 79% of the region’s breaches. Finally, more than 60% of security incidents over the past year were conducted through a web application, which is consistent with data collected by Verizon in previous years. 

Because web applications — closely followed by email — are where organisations most frequently connect to the internet, it makes sense they’d be the primary vector for threat actors trying to breach an environment. But while a web application may fall victim to a hacker proficient with SQL or with an exploit handy, email is the domain of virtually every employee at every organisation, and can be targeted by virtually anyone. Protecting against this requires continuous staff training to keep workers alert to the latest threats and tricks used by criminals. Likewise, employees need to get in the habit of updating passwords, and keeping them unique to prevent criminals using stolen credentials to access systems.  

Are employees safe? 

Social engineering-focused attacks are the trendiest attack types for hackers in EMEA right now. The human-focused hacks accounted for almost 60% of all breaches identified last year in the region, a sharp increase from the 12 months prior. 

The rise in popularity of social engineering scams also indicates that threat actors are successfully targeting individual employees, potentially with less effort than it takes to infiltrate web applications. Much of this is down to the fact there is more information available online about individuals. For instance, profiles on LinkedIn, Twitter and Instagram can be used to create a more accurate scam email.  

In order for organisations to get ahead of threat actors preying on their employees’ less-than-perfect cyber hygiene, they need to adopt stricter controls to quickly detect attacks, as well as maintain a strong security awareness programme. This needs to go beyond testing the phishing aptitude of their organisation and be consistent, targeted and limited in scope in order to allow employees to learn and practise one security skill at a time. Avoiding information overload will keep employees engaged and ready for emerging threats going forwards.

The DBIR is an excellent resource for the cybersecurity community to predict the trends in attack types, vectors and the motivations of hackers throughout the next year. However, it should not just fall to the security team to create a secure environment. It needs to be a group effort from everyone in an organisation to secure every weak point. With vulnerability exploits doubling from the previous year, it’s safe to say that, once again, the fundamentals of cybersecurity – across both IT hygiene and human engagement – will be key to reducing the risk of damage and loss in the months and years ahead.  

About the Author

Ian McShane is Vice President of Strategy at Arctic Wolf. The cybersecurity industry has an effectiveness problem. Every year new technologies, vendors, and solutions emerge, and yet despite this constant innovation we continue to see high-profile breaches in the headlines. All organizations know they need better security, but the dizzying array of options leaves resource-constrained IT and security leaders wondering how to proceed. At Arctic Wolf, our mission is to End Cyber Risk through effective security operations.