The Verizon 2022 DBIR

apt APT (Targeted attacks) botnets Cyber espionage cybercrime Financial threats Publications Ransomware Social Engineering Spam and Phishing Vulnerabilities and exploits

The Verizon 2022 Data Breach Investigations Report is out. We are proud to collaborate as a supporting contributor to this year’s data efforts once again and to have contributed for the past 8 years. The report provides interesting analysis of a full amount of global incident data.

Several things stand out in the 2022 report:

  • Ransomware challenges continue to mount — “Ransomware’s heyday continues, and is present in almost 70% of malware breaches this year.”
  • Social engineering became an overwhelming problem this past year, highlighting the surge in repeated cybercrime tactics — 1. “The human element continues to be a key driver of 82% of breaches and this pattern captures a large percentage of those breaches.” 2. “Actor Motives: Financial (89%), Espionage (11%).”
  • APT activity continues to be high, was underreported in the past, and while it possibly continues to be underreported, its reporting is increasing: “Financial has been the top motive since we began to track it in 2015. However, that same year the rise of hacktivism (particularly leaks) accounted for many attacks. Espionage-related attacks were not even on the radar, but seven years later the world is a very different place. Espionage has taken the 2nd place spot for years, and hacktivism is, for the most part, simply an afterthought. Before we move on, however, it should be noted that while espionage has almost certainly increased over the last few years, the fact that it did not appear at all in 2015 was quite likely due to our contributors and general case load at the time.”
  • System intrusions were heavily weighted at the top by two vectors: “‘Partner’ and ‘Software update’ as the leading vectors for incidents. This is primarily attributed to one very large and very public security incident that happened last year. We’ll give you a hint, it rhymes with ‘PolarShins’.” These data points fall under the supply chain discussion for us, and we continue to see that trend into this year — the “supply chain” is actively targeted and abused as a deployment tactic around the world, and we expect it to continue.

Business leaders should be sure to check out Appendix C — Behavior. It maintains an interesting approach on quantifying success in training programs, “In 2021 we reported that the human element impacted 85% of breaches, which decreased slightly to 82% this year. Unfortunately, strong asset management and a stellar vulnerability scanner aren’t going to solve this one.”

Perhaps next year we will read more about IoT and industrial issues, we’ll see. In the meantime, enjoy this year’s publication!