Today, Verizon released the 2022 Data Breach Investigations Report (DBIR), analyzing over 5,212 breaches and 23,896 security incidents.
The report highlights that attackers have four key paths to enterprise estates: credentials, phishing, exploiting vulnerabilities, and malicious botnets.
Hackers can use any of these entry points to gain access to a protected network and launch an assault. Generally, they’ll do this by exploiting the human element (including errors, misuse, and social engineering), which accounted for 82% of intrusions this year.
More specifically, the research also shows that 50% of breaches revolve around remote access and web applications, while social engineering contributed to 25% of breaches and credential reuse was involved in 45%.
The new threat landscape: ‘breaches beget breaches’
One of the most important revelations of the report is that supply chain incidents are providing threat actors with the materials they need to access downstream enterprises’ systems, which explains why 97% of firms have reported being negatively impacted by a supply chain security breach in the past.
Verizon’s DBIR suggests that threat actors use supply chain breaches because they act as a force multiplier, enabling them to breach upstream organizations and service providers before using the access and information they’ve gained to break into the systems of downstream organizations.
Or, as Gabriel Bassett, Senior Information Security Data Scientist on the Verizon Security Research Team, describes it, “breaches beget breaches.” “Breaches at a partner can lead to your own breach, as with supply chain breaches. Access paths can be acquired by threat actors and sold on criminal marketplaces.”
Bassett explains that most of the time, hackers exploit the human element to gain initial access, through the use of phishing scams or credential theft and reuse.
“After purchasing the access, the new attacker monetises it with another breach, often with ransomware (which increased 13% in breaches this year, more than the last 5 years combined),” Bassett said.
Reflecting on the DBIR: best practices for enterprises
While mitigating the human element can be challenging for organizations, Bassett highlights some core tools that enterprises have at their disposal to secure the four access paths to their estates.
Taking simple steps like deploying two-factor authentication and providing users with password managers to avoid reusing credentials can reduce the likelihood of attackers being able to exploit poor passwords to gain access to internal systems.
Likewise, organizations can mitigate phishing by implementing strong mail filters and developing clear phishing reporting processes, so that security teams are ready to act whenever users report a suspicious email, while using antivirus tools to stave off botnet threats and prevent malicious software from infecting endpoints.
Then for vulnerability management, organizations can develop a repeatable asset management process, installing vendor patches when possible, and not attempting to patch a new issue every time it arrives.
Above all, the key to successful defense is efficiency. “An important point for organizations is that attackers have repeatable processes for all of these methods of access. The attackers are efficient in these attacks so we have to be efficient in our defenses.”