Verizon has been issuing its respected Data Breach Industry Report (DBIR) since 2008, and its results serve as a useful resource for small businesses seeking to better understand cybersecurity threats. In this article, we will highlight the most important findings from this study and provide recommendations on how to best overcome the cybersecurity issues revealed in the report.
Scope of DBIR
This annual report has demonstrated its value since 2008 as Verizon analyzes actual data breaches and security incidents that have negatively impacted thousands of companies. For the 2022 DBIR, Verizon analyzed more than 5,200 data breaches and almost 24,000 security incidents that occurred in the last year. This comprehensive study provides valuable insight into the ways cybercriminals penetrate company networks, which helps organizations understand how to best protect themselves from cyberattacks.
Key Findings from 2022 DBIR
- Four main paths used for cyberattacks
Cybercriminals’ four main paths to accessing networks include compromised credentials, phishing, exploiting vulnerabilities, and malicious botnets.
- Human error remains the biggest vulnerability
In 82% of the network intrusions, hackers focused their efforts on exploiting the behavior of employees. The most common way cybercriminals gained unauthorized access to systems was through compromised login credentials. Malicious actors obtain these credentials by sending phony links asking for login information, buying them off the dark web, using programs to guess common passwords, and even looking over users’ shoulders as they type their information into their devices. In addition, employees often fall victim to social engineering, such as through email phishing, where a cybercriminal poses as a trusted individual or institution and asks for login or other sensitive information.
Also, cybercriminals exploit situations where login credentials are misused by employees on their personal devices and applications. Hackers also take advantage of companies that do not sufficiently limit employee access to sensitive company and client information.
The widespread use of remote work and web applications has also exposed company networks to a far greater number of external bad actors on the internet. One troubling trend on the rise is cybercriminals distributing malware through software updates by targeting developer workstations, DevOps, and automation tools that have powerful privileges.
Cloud storage misconfiguration errors are another costly human issue that hackers capitalize on, as they provide many opportunities for malicious activity.
- Ransomware attacks have increased significantly
The report revealed that ransomware attacks increased 13% over the past year, and they accounted for about 70% of all malware breaches. 40% of the ransomware attacks involved desktop sharing software, as its use has become more prevalent with the rise of remote work options. The study further showed that the ransom amounts demanded by hackers continue to increase and that small businesses, even those with fewer than 10 employees, have become the preferred ransomware targets. This problem has become steadily worse with the advent of criminal organizations selling ransomware-as-a-service programs, which make it possible for inexperienced cybercriminals to penetrate company networks.
- Supply chain/partner vulnerabilities have a multiplier effect
The report found that a stunning 62% of system intrusion incidents came through a partner. Cybercriminals have quickly learned the force multiplier effect of compromising the right partner, which will give them access to many different organizations served by the same company or application. For example, a similar recent study found that 64% of IT security personnel concede that an attack on their organization from a compromised software supplier could not easily be stopped. These disturbing results emphasize an organization’s need for strong endpoint security and password protocols.
Recommendations to protect against these highlighted cybersecurity threats
To protect your organization from the main threats revealed in the 2022 DBIR, security experts recommend the following actions.
- Invest in powerful antivirus tools and firewalls and set up active network monitoring applications to rapidly detect and confront any issues.
- Utilize Two-Factor Authentication (2FA) and strong password protocols.
- Consider the implementation of Zero Trust cloud security architecture. This type of security system behaves as though the outer perimeter has already been breached and requires constant security verifications to access various parts of the network. This security architecture can help ease the threat of employee errors and initial security breaches.
- Emphasize that your employees follow good cyber hygiene in the office or at home.
- Provide frequent training on safe email and internet behavior and regularly assess your employees’ results with announced and unannounced exercises.
- Ensure that the highest level of cybersecurity protection exists on your employees’ personal devices as well as their company equipment. With the rise of remote work and the use of private devices by employees, your organization must pay close attention to this issue.
- Consider cybersecurity insurance to mitigate the impact of any successful ransomware attacks.
Work with a trusted IT Support partner
Verizon’s 2022 DBIR’s findings reveal a range of cybersecurity threats that should concern your small business. The most important recommendation we can give your organization is to take the time to consult and work with a trusted IT Support partner, such as Network Depot, to best protect yourself against these cybersecurity threats. Your IT partner will help you select and implement the right cybersecurity tools and solutions that will work best for your business.
By knowing and understanding the cybersecurity trends revealed in the 2022 DBIR and with the assistance of your trusted IT Support partner, your company will be confident that you are well protected. Secure with this knowledge, your organization will be able to better focus on fulfilling your unique mission.