Digital transformation plays an active role in many fields of the business world and cybersecurity has become extremely critical for maintaining organizations’ business model and workflow. Organizations need to build advanced cybersecurity policies to prevent data breach incidents, and even analyze the general trend in all sectors with regards to data security, in order to eliminate possible cyber attack threats before any breach occurs.
Cybersecurity reports and analysis prepared by various independent organizations should be regularly followed and of great help to predict cyber threats and take the necessary measures. Verizon's DBIR (Data Breach Investigations Report) 2022, which has been published recently, stands out among these reports and regularly compiles the measures to be taken by companies and government agencies in the face of cyber threats.
This report, published by Verizon annually since 2008, provides organizations within an international cybersecurity snapshot with significant insight into the current and potential threat environment. The report thoroughly addresses current issues related to cybersecurity and describes what has changed and what has remained constant over the years.
In this article, we will compile the highlights from Verizon's DBIR 2022 with the goal of providing guidance to those who want to build a cybersecurity wireframe for their organization, with the right policies.
Remarkable Share of Ransomware Attacks
The report prepared by Verizon clearly states that ransomware attacks showed a huge increase of almost 13%, a rise as big as the last five years combined (for a total of 25% for this year). The report underlines that 70% of software-based data breach cases involve ransomware attacks. This attack method stands out as one of the favored by hacker groups to get unauthorized access to company networks and cyber infrastructure, particularly in a supply chain environment. Indeed, Verizon's DBIR 2022 points out that supply chain attacks account for 62% of system intrusion incidents.
With respect to ransomware attacks, it should also be noted that 40% of all data breach cases caused by this type of attack involve the use of desktop sharing software. Driven by the transformation of the business world with the adoption of the remote work model due to COVID-19, this situation leads us to some other interesting data. According to the report, 14% of unauthorized access incidents involve the use of desktop sharing applications.
Internal Threats and Their Role in Identity Theft Cases
To build an advanced cybersecurity infrastructure, you should grant only as much privilege and access as necessary to privileged accounts, which may later become internal threats, and you should control the access permissions you grant and the movements in the system on a 24/7 basis. The report states that privilege misuse, which is defined as the employees' misuse of legitimate access granted to them, is 2.5 times more likely to occur as a result of an error than as a result of intended misuse.
In the case of a data breach caused by internal threats with malicious intent, however, the personal data of employees, customers, and stakeholders is likely to be leaked. According to the report, malicious internal threats appeared mostly in the healthcare industry, within the cases of data breaches analyzed in 2022, just like in previous years. Medical data is targeted in 22% of data breaches caused by health sector employees’ misuse of their privileges.
Prevention of Human Errors
Human error is responsible for 13% of data breaches. Still a dominant trend, human errors are largely due to misconfigured cloud storage systems. It is extremely important to get support from artificial intelligence and automation to prevent human errors. However, it is equally important to provide employees with the right training on the use of cybersecurity and information technologies. It is predicted that human errors may be decreased if the awareness of employees is raised and the access to cloud systems is controlled by the cooperation of artificial intelligence and automation.
Another remarkable topic in the report is the human element. According to Verizon's DBIR 2022, 82% of the data security breach cases analyzed this year involved the human element. Unfortunately, the negative contribution of the human element continues to significantly stand out in incidents such as phishing and misuse of stolen credentials.
Phishing Attacks and Use of Mobile Devices
According to the Data Breach Investigations Report 2022 prepared by Verizon, the usage of mobile devices is the main factor behind the emergence of phishing attacks. The report states that at least 58% of mobile devices had at least one malicious URL clicked. Defined as a phishing attack, this method has become more popular among cyber attackers in the last few years, during which people have become accustomed more and more to paying without a card and showing a preference for contactless payments. It should also be noted that at least one malicious or risky application is installed in 16% of phishing attempts, mostly by e-mailing links or via QR code. Besides, considering that one-fifth of phishing attacks are carried out through mobile devices, you should definitely pay serious attention to this topic when building or improving your cybersecurity infrastructure.
Share of Supply Chain in a Chain of Breach Incidents
We have mentioned above that cyber attacks targeting the supply chain account for 62% of system intrusion incidents. Verizon's DBIR report 2022 identifies the misuse of stolen credentials in supply chain breaches, expressed as a sequence of one or more breaches chained together, as the most significant type of cyber activity.
Moreover, according to Verizon's DBIR 2022, more than 75% of supply chain attacks involve only three methods. Defined as phishing, ransomware, and downloader, these three methods are the most common attacks on the supply chain. In the report, experts suggest that it is important for defense mechanisms to lengthen the attack path favored by the cyber attackers and increase the number of steps. Cybersecurity experts state that lengthening the attack path will make it easier to take countermeasures, and point out that IT infrastructures should be structured accordingly.
High Risk in Web Applications
Web applications are among the major attack surfaces. Frequently used by external threats to organize cyber attacks, web applications are defined as the number one attack vector in the report. Furthermore, the same report suggests that 80% of cyber attacks carried out through web applications result in identity theft.
Use PAM to Protect Your IT Infrastructure
Privileged Access Management (PAM) solutions are extremely successful in minimizing the cyber risks listed in Verizon's DBIR 2022. Kron’s Single Connect Privileged Access Management solution provides end-to-end data and access security thanks to its unique modules, and successfully stores all data in your IT infrastructure, especially the credentials of privileged accounts. Offering a fully encrypted infrastructure with the Dynamic Password Controller module, Single Connect uses Two-Factor Authentication (2FA) to request simultaneous location and time verification from users who request access. Both modules help make your IT infrastructure secure against data breaches that may occur using privileged access credentials.
Single Connect’s Database Access Manager and Dynamic Data Masking features record all actions of database administrators and mask the original data in a dynamic way. This makes all actions on the network controllable and secure on a 24/7 basis. Furthermore, the Privileged Session Manager allows you to better control user and data entries in different sessions. Privileged Task Automation (PTA) also automates routine tasks on the network to improve employee productivity and prevents possible service disruptions.
Our PAM suite Single Connect, which was included in the Gartner Magic Quadrant, provides the best protection against cyber risks listed in Verizon's DBIR 2022. Please do not hesitate to contact our team to learn more about Single Connect.