The 2022 Verizon Data Breach Investigations Report (DBIR)

What Nonprofits Need to Know

The Verizon Data Breach Investigation Report (DBIR) is one of the most comprehensive studies on data breaches in the world. Every year, Verizon releases a report that analyzes data from thousands of breaches across dozens of industries. The goal of the report is to help organizations improve their security posture and protect themselves against future attacks. In this blog post, we will summarize the key findings from the 2022 DBIR report.

1. What are the key findings from the 2022 DBIR report?
   
   
2. What are some of the biggest threats to organizations in 2022?
   
   
3. How can you improve your security posture?

The simplest summary possible

Here is the simple version of what is going on in the world according to the 2022 DBIR

1. Cybercriminals are stealing more money than ever before from victims
   
   
2. Cybercriminals are predominantly using ransomware and business email compromises to extract money from victims
   
   
3. Cybercriminals are primarily leveraging vulnerabilities in people to perform these attacks
• Phishing
• Other social engineering
• Taking advantage of people NOT using multi-factor authentication
• Taking advantage of people using weak and/or re-used passwords
  
  
4. Even if your organization is not breached directly, a breach at a vendor or business partner may impact you, sometimes severely. 
   
   
5. There are some really easy solutions to improve security, but many many people and organizations are still not doing them

Credentials and phishing are how attackers are getting in

Credentials and Phishing are, BY FAR, the most commonly exploited vulnerabilities.

"There are four key paths leading to your data & money: Credentials, Phishing, Exploiting vulnerabilities, and Botnets. These four pervade all areas of the DBIR, and no organization is safe without a plan to handle them all.”

Ransomware is not only still increasing, it is increasing at a higher rate

“Ransomware has continued its upward trend with an almost 13% increase–a rise as big as the last five years combined."

It’s important to remember that ransomware by itself is really just the most popular model of monetizing cyber attacks. Ransomware is not how cybercriminals breach your defenses, ransomware is what they do after they breach your defenses.

Humans are still the most popular target for attackers

“The human element continues to drive breaches. This year 82% of breaches involved the human element. Whether it is the Use of stolen credentials, Phishing, Misuse, or simply an Error, people continue to play a very large role in incidents and breaches alike.”

Ransomware Workflow and Mitigations

The Canadian Centre for Cybersecurity released a “Ransomware Playbook” in November of 2021. The entire playbook is a great resource, but I’m excerpting two visuals here. The first breaks down the workflow from the attacker (threat actor) perspective. The second is the same workflow but with the indicated mitigations (cybersecurity practices) in place. It shows both how attackers get into your environment, explore and analyze, establish footholds, and ultimately prepare and launch ransomware attacks. Understanding this workflow can help you understand how the different mitigations all help disrupt the attacker at various stages of the workflow. This also underscores the importance of a “defense in depth” strategy.

Source: Ransomware playbook (ITSM.00.099) - Canadian Centre for Cyber Security

Source: Ransomware playbook (ITSM.00.099) - Canadian Centre for Cyber Security

Things you can do to improve your organization’s security

There are a few key takeaways from the 2022 DBIR report that organizations can use to improve their security posture.

1. Implement Multi-factor authentication everywhere you can, but especially for email, file sharing, and database accounts
   
2. Provide and mandate regular Security Awareness Training for staff
   
3. Implement appropriate email security and filtering
   
4. Implement modern endpoint security that includes endpoint detection and response (EDR)
   

The annual Verizon Data Breach Investigations Report is a must-read for any organization that is serious about protecting its data. By understanding the biggest threats and trends, organizations can take steps to improve their security posture and protect themselves against future attacks.

Did you find this blog post helpful? Share it with your network! And don’t forget to check out our other blog posts for more great content.