2022’s DBIR, in addition, highlighted the far-reaching impact of supply-chain breaches & how organisations & their employees are the reasons why incidents occur.
Ransomware, supply-chain threats & how organisations & their employees are ‘their own worst enemy’ when it comes to security are some of the key conclusions of Verizon’s annual report on the last year of cyber-attacks.
System Compromise
The 2022 Data Breach Investigations Report (DBIR) published Tues. provided some news for organisations aiming to secure themselves against threats that can result in system compromise & the loss of data, resources, money, time and/or all of the above.
The researchers behind the report–Gabriel Bassett, C. David Hylender, Philippe Langlois, Alex Pinto & Suzanne Widup–observed that the last few years have been “overwhelming” for everyone, without citing the obvious factors, i.e., the pandemic & the start of the war in the Ukraine right after.
Unprecedented Rise
What the report’s writers are most concerned about is data related to the occurrence security incidents & breaches, with the former being any compromise of an information asset, & the latter exposure of data to unauthorised parties. In 2021, researchers found that both experienced an unprecedented rise in occurrence.
“The past year has been extraordinary in a number of ways, but it was certainly memorable with regard to the murky world of cyber-crime,” they wrote in the report.
“From very well-publicised critical infrastructure attacks to massive supply-chain breaches, the financially motivated criminals and nefarious nation-state actors have rarely, if ever, ‘come out swinging’ the way they did over the last 12 months.”
Ransomware Here to Stay
There were few surprises among the DBIR’s key findings to those who observed the security landscape in 2021. In fact, some findings seem consistent with what the report has highlighted since its creation in 2008, one security professional observed.
“The most important research by & for the cyber-security industry is out & it feels like the movie Groundhog Day, where we are waking up to the same results year after year since the 1st report in 2008,” John Gunn, CEO of security firm Token,
13% Increase
One finding that reflects a threat that’s risen to prominence in just the last few years, however, is that ransomware continues to trend up. This type of cyber-crime which locks up company’s data through intrusion. & will not release it until the organisation pays a large extortion sum, had an almost 13% increase year-over-year in 2021.
The rise was as big as the last 5 years combined, in which ransomware rose overall 25%, researchers noted.
“Ransomware’s proliferation continues & is present in almost 70% of malware breaches this year,” they wrote.
US Federal Authorities
Although ransomware groups have come & gone & US Federal authorities have made great progress to crack down on this type of cyber-crime, the gain is so lucrative for criminals that it will likely persist, security experts noted.
“Ransomware is by far the most reliable way that cyber-criminals can capitalise on compromising their victims,” observed Chris Clemens, VP of Solutions Architecture for security firm Cerberus Sentinel,.
“No other action attackers can take comes close to the ease & magnitude of guaranteeing a pay-out from their operations.”
Supply Chain Under Attack
Significant attacks on the supply chain in which a breach occurs in one system or software that can easily spread across organisations that demonstrated lasting repercussions also rose in prominence & occurrence in 2021, researchers found.
“For anyone who deals with supply chains, 3rd parties & partners, this has been a year to remember,” they wrote.
Without mentioning it by name, the Verizon team cited as an example the now-infamous SolarWinds supply-chain attack that occurred at the very end of 2020 & still had companies scrambling to react to it well into 2021.
System-Intrusion Incidents
“Supply chain was responsible for 62% of system-intrusion incidents this year,” researchers reported. Moreover, unlike a financially motivated threat player, perpetrators of these crimes are often state-sponsored players who prefer to “skip the breach & keep the access,” maintaining persistence on organisation’s networks for some time, researchers stated.
These attacks are so dangerous because, since the attack can start with 1 company but quickly travel to its customers & partners, there can be so many victims involved, commented researchers.
Also, often breaches that travel down the supply chain are not discovered until long after attackers already have gained access to an organisation’s systems, making the potential for data breach & theft long-term more likely.
Error- Human etc.
2 more key findings of the report are related in terms of where the ultimate responsibility lies—someone either inside or outside an organisation that makes a mistake. Human error continues to be a dominant trend for how & why breaches occur, researchers found.
“Error continues to be a dominant trend and is responsible for 13% of breaches,” researchers noted. This finding is primarily due to misconfigured cloud storage, which of course is typically the responsibility of the person or people responsible for setting up the system, they explained.
The Human Element
Also, 82% of the breaches analysed in the DBIR in 2021 involved what researchers call “the human element, which can be any number of things, they outlined.
“Whether it is the use of stolen credentials, phishing, misuse, or simply an error, people continue to play a very large role in incidents & breaches alike,” researchers wrote.
Oldest Risk
Security experts showed little surprise over the “human-element” finding, which is one that is haunted the tech industry since even before security & the whole industry around it existed, noted one security professional.
“It has been that way since the beginning of computers & likely will be that way for decades to come,” noted Roger Grimes, data-driven defence expert for security firm KnowBe4,
Many of the errors that occur today are the result of clever social engineering by attackers, particularly in phishing attacks that trick people into clicking malicious files or links that allow computer access or provide personal credentials that can be used to compromise enterprise systems, he suggested.
Misconfiguration Errors
The only way to solve security issues created by human error is through education, whether it be about misconfiguration errors, the importance of patching, stolen credentials, & or just “regular errors, such as when a user accidentally emails the wrong person data,” Grimes observed.
“Humans have always been a big part of the computing picture, but for some reason, we always thought only technology solutions alone can fix or prevent issues,” he commented.
“3 decades of trying to fix cyber-security issues by focusing on everything but the human element has shown that it is not a workable strategy” he concluded.
