Verizon Data Breach Investigation Report: Employee Cybersecurity Training Still Lagging as Stolen Credentials Rise
The DBIR team examined more than 914,000 incidents and nearly 235,000 data breaches.
![Managed Security Services Managed Security Services](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt97383e9724cc0c13/652429cd64a46067b1c1568f/Managed-Security-Services.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Verizon reported a 13% year-over-year increase in ransomware.
“There are many factors behind the acceleration of ransomware in 2022, from rising financial and political incentives for cybercrime to the proliferation of malware and exploits through easily accessible darknet markets,” said Chris Olson, CEO of digital safety provider The Media Trust. “Moreover, attackers are increasingly leaning on the web and mobile devices as channels for ransomware spread, expanding the number of surfaces through which consumers, organizations and government agencies can be targeted.”
Basic web application attacks are growing in frequency, but denial-of-service attacks remained the most common pattern.
Denial -f-service attacks target network and system availability. Verizon noted 8,456 incidents. Four of them featured a confirmed data disclosure. In addition, the median DoS attack lasted for less than four hours.
The 2022 DBIR showed how two popular different attack strategies threaten companies: social engineering and system intrusion.
Whereas social engineering seeks to deceive humans using pretexting, system intrusion goes after technological vulnerabilities.
Social engineering has overtaken system intrusion as the most common pattern for data breaches. Currently, those two approaches outnumber miscellaneous errors, privilege misusse and lost/stolen assets.
Verizon noted that ransomware typically is connected to system intrusion, which explains why both are rising in frequency.
Verizon dug into the numbers for basic web application attacks. For these types of incidents, bad actors more commonly leveraged stolen credentials rather than exploiting a vulnerability.
“There’s been an almost 30% increase in stolen credentials since 2017, cementing it as one of the most tried-and-true methods to gain access to an organization for the past four years,” the report authors wrote.
However, vulnerability exploitation rose in frequency last year. The Lo4j is just one example of a vulnerability that gained the attention of IT professionals, media, cybercriminals last year.
Although the cybersecurity industry has long promoted the importance of employee training, its messages seem to be falling on deaf ears.
Companies spend a median of 49 minutes a year training each employee about cybersecurity, according to Verizon’s report.
Michelle Hyde (pictured) is the president and founder of Hyde Group, a technology consulting and sourcing firm that has built a strong cybersecurity practice.
She said employees continue to follow the prompts of phishing emails from bad actors.
“The idea that from 2008-2022 human behavior has really not changed when it comes to being the source of breaches (mostly phishing via email) – by a large margin,” she told Channel Futures. “That said, these emails today are well-crafted and have deceivingly convincing profiles that look like the real thing.
She said businesses need to take advantage of security training that can significantly reduce their attack surface.
“It is still a mystery how businesses have at their disposal on-point training and truly excellent modes of training their personnel (video, tabletop, red team) and still with all these tools at our disposal, training is often low on the list to employ,” she said. “As my colleague Jeremy Johnson shares with our clientele, ‘Employees make the best firewalls.’ Train them up accordingly and reward them for catching/citing the threats they come across. Enlist the organization in its entirety in this security effort, because it is a threat to the entire organization. This is our new reality.”
Companies are discovering their breaches faster than ever. However, that’s due in part because cybercriminals disclosing them is by far the most common discovery method. Typically that’s either a direct note from the ransomware actor or the posting of the customer data on a criminal forum.
Verizon dived into a variety of data breach trends within different industries.
One notable finding is how accomodation and food services have decreased in cases relative to other industries. The 2012 DBIR listed accomodation and food services as 54% of the cases. This time around they represented less than 2%.
“This represents both a total drop in cases but also a rather dramatic drop in incidents and may be representative of a larger shift in the criminal ecosystem to target and victimize not only the organizations with credit card data but any organization,” the authors said.
Saryu Nayyar is the CEO and Founder of unified security and risk analytics provider Gurucul. She pointed to how the threat landscape has evolved significantly over the last two years.
“However, it all starts with the fact that shoring up defenses, while important, is not clearly not enough to prevent a costly breach. The research points to the fact that based on human behaviors and poor supply chain visibility, a compromise is all but inevitable, especially if the target of a persistent and organized threat actor,” Nayyar said.
As a result, she argued that the C-suite needs to make investments in technology that monitors threats that “are already inside the castle walls.”
“Current SIEM and XDR solutions have also been available for the better part of two years and threat actors continue to evade these systems easily. In order to achieve a successful SOC transformation, what is required is a more complete set of telemetry, advanced analytics, and trained — not rule-based — machine learning models that adapt to both the organization and variations in tools and techniques by threat actor groups. This can automate manual tasks, prioritize and optimize resources and speed detection and response with full context and an understanding of risk,” she said.
The report found supply chain attacks responsible for 62% of system intrustion incidents in 2021.
Olson said the alarming growth of software supply chain attacks does not suprise him.
“The strongest door in the world offers no protection if the walls are made of paper; likewise, the most secure organization on Earth can still be compromised if their technology partners have poor security practices. Moving forward, businesses need to prioritize vetting their partners, whether they are traditional software vendors or digital third parties,” Olson said.
The report found supply chain attacks responsible for 62% of system intrustion incidents in 2021.
Olson said the alarming growth of software supply chain attacks does not suprise him.
“The strongest door in the world offers no protection if the walls are made of paper; likewise, the most secure organization on Earth can still be compromised if their technology partners have poor security practices. Moving forward, businesses need to prioritize vetting their partners, whether they are traditional software vendors or digital third parties,” Olson said.
Cybercriminals are finding exploitable attack surfaces in both humans and technology platforms. That’s according to the latest Verizon Data Breach Investigation Report.
The Verizon Data Breach Investigation Report (DBIR) found that system intrusion is rising in frequency as a cyberattack pattern. The DBIR defines system intrusion as “complex attacks that leverage malware and/or hacking to achieve their objectives including deploying ransomware.” Partner and software updates comprised the most common attack vector for system intrusion, according to Verizon.
At the same time, socially engineered attacks remain immensely common, and the amount of time businesses dedicate to training their employees about cybersecurity doesn’t seem to match the risks.
The 108-page report examines in great depth data breaches and the incidents that cause them. The DBIR team examined more than 914,000 incidents and nearly 235,000 data breaches. Check out the document to see the microtrends within each vertical and each attack pattern.
Channel Futures summarized the main findings from the 2022 Verizon DBIR in the 10 images above.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email James Anderson or connect with him on LinkedIn. |
About the Author(s)
You May Also Like