Key takeaways from the DBIR: The most common routes to corporate discounts

Verizon today released the 2022 Data Breach Investigations Report (DBIR) analyzing over 5,212 security breaches and 23,896 security incidents.

The report highlights that attackers have four main paths to corporate properties; Credentials, phishing, exploits, and malicious botnets.

Hackers can use any of these entry points to gain access to a protected network and launch an attack. Generally, they do this by exploiting the human element (including error, abuse, and social engineering), which was responsible for 82% of intruders this year.

More specifically, the study also shows that 50% of breaches are related to remote access and web applications, while 25% are due to social engineering and credential reuse played a role in 45% of breaches.

The new threat landscape: “Violations breed violations”

One of the report’s key findings is that supply chain incidents give threat actors the materials they need to access downstream enterprise systems, which explains why 97% of organizations reported being hit by a security breach in the past Supply chain were negatively impacted.

Verizon’s DBIR suggests that threat actors leverage supply chain breaches because they act as force multipliers, allowing them to breach upstream organizations and service providers before using the access and intelligence they have been given to get into the systems penetrate downstream organizations.

Or as Senior Information Security Data Scientist on the Verizon Security Research Team, Gabriel Bassett, describes it: “Breach breeds breach”. “Violations at a partner can lead to your own violation, as can supply chain violations. Access paths can be acquired by attackers and sold on criminal marketplaces.”

Bassett explains that hackers most often use the human element to gain initial access through phishing scams or credential theft and reuse.

“After the new attacker buys access, they monetize it with another breach, often ransomware (which is up 13% in breaches this year, more than the last 5 years combined,” Bassett said.

Thinking about the DBIR: Enterprise best practices

While mitigating the human element can be challenging for businesses, Bassett highlights some core tools businesses have at their disposal to secure the four avenues of access to their assets.

Taking simple steps like providing two-factor authentication and providing users with password managers to avoid credential reuse can reduce the likelihood that attackers can exploit bad passwords to gain access to internal systems.

Likewise, organizations can curb phishing by implementing strong email filters and developing clear phishing reporting processes so security teams are ready to act when users report a suspicious email, while using antivirus tools to detect botnet threats defend against and prevent malicious software from infecting endpoints.

For vulnerability management, organizations can then develop a repeatable asset management process by installing vendor patches whenever possible, rather than attempting to patch a new issue every time it arises.

Above all, the key to a successful defense is efficiency. “A key point for organizations is that attackers have repeatable processes for all of these access methods. The attackers are efficient with these attacks, so we have to be efficient with our defenses.”