Verizon recently released its 2022 Data Breach Investigation Report (DBIR). As the 15th edition, the report is seen as a trusted and respected resource in cybersecurity for its annual reporting and analysis of incidents and breaches. The complete 2022 DBIR, as well as an executive summary, is available on Verizon's DBIR resource page.
This year the DBIR team analyzed 23,896 security incidents, of which, 5,212 were confirmed data breaches. On page 4, the report explains who a threat actor is and what tactics and actions are referenced throughout the report. In addition, the report highlights incidents and breaches, and the following definitions were provided. An incident is defined as a security event that compromises the integrity, confidentiality or availability of an information asset. A breach is an incident that results in the confirmed disclosure--not just potential exposure--of data to an unauthorized party. (page 4)
The summary of findings notes that there are four key paths leading to your data: credentials, phishing, exploiting vulnerabilities and botnets.
- Ransomware attacks have increased by 13 percent.
- Supply chain attacks were responsible for 62 percent of system intrusion.
- Human error accounts for 13 percent of breaches.
- Stolen credentials, phishing, misuse or error by people caused 82 percent of breaches.
- Denial of Service (DoS) activity represents 46 percent of total incidents.
Industry Analysis from the Verizon 2022 Data Breach Investigations Report
Education Services (pages 57-58) – This sector follows a similar trend to the majority of the other industries; it is experiencing a dramatic increase in Ransomware attacks (over 30% of breaches).
- Frequency: 1,241 incidents, 282 with confirmed data disclosure.
- Top Patterns: System Intrusion, Basic Web Application Attacks and Miscellaneous Errors represent 80% of breaches.
- Threat Actors: External (75%), Internal (25%) (breaches).
- Actor Motives: Financial (95%), Espionage (5%) (breaches).
Healthcare (page 61-62) – The Basic Web Application Attacks have overtaken the Miscellaneous Errors in causing breaches in this sector. Errors are still a significant problem.
- Frequency: 849 incidents, 571 with confirmed data disclosure.
- Top Patterns: Basic Web Application Attacks, Miscellaneous Errors and System Intrusion represent 76% of breaches.
- Threat Actors: External (61%), Internal (39%) (breaches).
- Actor Motives: Financial (95%), Espionage (4%), Convenience (1%), Grudge (1%) (breaches).
Public Administration (pages 71-72) – The System Intrusion pattern is the newest big dog to arrive on the scene in this sector. Employees continue to be a cause of breaches in this vertical, although Internal actors are seven times more likely to make a mistake than to commit a malicious act that causes a breach.
- Frequency: 2,792 incidents, 537 with confirmed data disclosure.
- Top Patterns: System Intrusion, Miscellaneous Errors and Basic Web Application Attacks represent 81% of breaches.
- Threat Actors: External (78%), Internal (22%) (breaches).
- Actor Motives: Financial (80%), Espionage (18%), Ideology (1%), Grudge (1%) (breaches).
Other Key Pages
Page 6: Introduction
Page 7: Summary of findings
Pages 25-30: System Intrusion - 7,013 incidents, 1,999 confirmed data disclosure
Pages 33-35: Social Engineering - 2,249 incidents, 1,063 confirmed data disclosure
Pages 39-40: Miscellaneous errors - 715 incidents, 708 confirmed data disclosure
Pages 41-42: Denial of Service - 8,456 incidents, 4 confirmed data disclosure
Pages 47-48: Privilege Misuse - 275 incidents, 216 confirmed data disclosure
Pages 49-76: Industry Highlight