Verizon’s 2022 DBIR, Up to Date Security Breach Statistics
July 28, 2022 | 4 minutes read
In Verizon’s 2022 Data Breach Investigations Report (DBIR), the U.S. wireless operator’s 15th annual installment, it was revealed that there was a significant rise in cybercrimes that were predicated on ransomware attacks in 2021. More specifically, the report states that “ransomware has continued its upward trend with an almost 13% increase — a rise as big as the last five years combined (for a total of 25% this year).” As various sources have reported that 2021 saw the most breaches that had ever occurred during a one-year period in U.S. history, the fact that ransomware attacks were on the rise last year was far from surprising. To this point, Verizon’s 2022 report also states that ransomware attacks have been on the rise in general during the past five years.
An increase in cyber attacks
While the ramifications of the worldwide COVID-19 pandemic have undoubtedly impacted virtually every facet of American society, including cybersecurity, bad actors and criminals have been turning their sights to online and digital pursuits for some time now. This being said, the introduction to Verizon’s 2022 DBIR confirms that there were 5,212 confirmed data breach incidents across the country in 2021, contrasted with 23,896 security incidents that had been alleged overall. To give context to these numbers, it is widely known among cybersecurity and data protection professionals that many data breaches will not be reported by the companies and businesses that experience such occurrences.
Likewise, the decision to suppress the occurrence of a data breach can be influenced by a wide range of factors. Most notably, many companies do not want to face the reputational harm that can be associated with such incidents, much less the legal and financial ramifications that can also be imposed against companies that are found to have violated the law in some form or another. As such, many companies will try to manage a data breach incident internally if doing so is at all feasible. When taking this into consideration, there were likely many more than 5,212 data breaches that took place within 2021, as substantiating the 23,896 security incidents that allegedly happened in 2021 is all but impossible.
Stolen credentials
Irrespective of the exact number of data breaches that occurred in relation to the number of incidents that are confirmed by metrics such as Verizon’s DBIR, there is a commonality that is involved in almost 50% of such attacks. To this end, Verizon’s 2022 report also posits that almost 50% of all data breaches that took place in 2021 were made possible by stolen employee credentials. From online login information to physical identity cards that are stolen, the ways in which cybercriminals can leverage stolen data to steal even more information are innumerable.
On top of this, many companies that provide support services to their millions of customers will retain the information they obtain when interacting with said customers. While this information clearly has a great level of value, as almost all businesses look to some form of information to gain a better understanding of customer insights, storing this enormous amount of personal data also puts organizations at risk of sustaining a cyberattack. Subsequently, Verizon’s 2022 DBIR states “There’s been an almost 30% increase in stolen credentials since 2017, cementing it as one of the most tried-and-true methods to gain access to an organization for the past four years.” What’s more, when considering the other methods that cybercriminals use to steal personal data, obtaining stolen credentials appears to be the easiest way to launch a cyberattack.
Data breach causes
To illustrate this point further, Verizon’s 2022 DBIR also found that the two most common methods that cybercriminals had used to steal personal data in 2021, aside from stolen credentials, were phishing attempts and the exploitation of vulnerabilities within a company’s computer network or online website. Comparatively speaking, these two methods are more difficult to pull off than simply stealing an employee’s email account credentials. As cybercriminals that utilize phishing attempts must be competent enough to launch a social engineering attack against a major business, only a small percentage of such attempts will ultimately be successful. Alternatively, the average cybercriminal will likely not have the knowledge or know-how necessary to exploit security vulnerabilities that are present within a business’s online website.
While the vast amount of information that is contained within Verizon’s 2022 Data Breach Investigations Report is far too expansive to cover in a single article, there are many clear points that can be gleaned from the study. Namely, despite the advances that have been made with respect to technology in recent years, most cyber attacks are still based on information that has been stolen from an employee working in a particular business, organization, or company. With this in mind, employers can greatly reduce their chances of being involved in a data breach simply by ensuring that the policies and procedures they have in place do everything possible to secure the information of their employees, as failing to do so has repeatedly been proven to have long-term consequences and repercussions.