For the past 15 years, Verizon has been making annual Data Breach Investigation Reports (DBIR). The report this year confirms just how terrible the last one year has been. Verizon explained the last 12 months as representing an unrivaled year in the history of cybersecurity. The financially inspired crooks and nefarious nation-state actors have seldom if ever, emerge swinging the way they did over the past year, explained Verizon.
The 2022 DBIR was put together along with 87 partner companies utilizing data from 23,896 security incidents. 5,212 of the cases were confirmed data breaches, 849 of the cases assessed in the report happened in the healthcare industry and 571 of those cases resulted in affirmed data breaches.
The report confirms that there was a significant surge in ransomware attacks in 2021, growing by 13% from the prior year. To include some opinion, the growth is bigger than the mixed increases in the past five years. As Verizon remarks in the report that ransomware is simply a means of using access to victims’ systems, however, it has proven to be specifically effective at making money with illegal access to sites and private information. 25% of data breaches in 2021 used ransomware.
The most typical vectors in ransomware attacks entailed the use of stolen credentials, mainly for desktop sharing software programs, which offered initial access in 40% of ransomware attacks. Phishing was the second most popular vector in ransomware attacks, offering preliminary access in 35% of attacks, then the exploitation of vulnerabilities in web programs and direct installs. The substantial percentage of attacks associated with remote desktop software and email shows the value of locking down RDP and protecting email.
The rise in ransomware attacks is worrying, and so is the increase in supply chain attacks, which are the reason for 62% of system interruptions. Supply chain attacks could be carried out by financially driven cyber actors, although quite often they are utilized by nation-state actors to obtain persistent access to systems for spying purposes.
Protecting against cyberattacks demands action be done to deal with the four major ways that result in gaining initial access to systems, which are botnets, phishing, credentials, and exploitation of vulnerabilities. Although insiders can and do bring about data breaches, definitely the primary cause is external actors. Breaches caused by external actors exceed insider breaches by four to 4. Though external attacks are a lot more likely, the median number of records impacted in insider breaches is a lot higher.
Human error continues to play a big part in data breaches. 13% of data breaches were misconfigurations, typically of cloud storage solutions, and 82% of all data breaches assessed in the previous year had a human component. 25% of all breaches in 2021 were due to social engineering attacks, showcasing not just the significance of employing advanced email defenses but additionally giving recurrent security awareness training to the staff.
The top three attack strategies were just like last year, though switching positions. System intrusions took the number one spot, next was web application attacks, and then social engineering. In healthcare, the top causes of data breaches were web application attacks, miscellaneous errors, and system intrusions, which caused 76% of all data breaches.
Verizon mentioned that although insiders have always been a top reason for data breaches in medical care, the growth in web application attacks has resulted in external threats exceeding insiders. Healthcare staff prompted 39% of breaches in 2021, which is significantly greater than the 18% across all other industry groups. Although there will continually be malicious insiders in the healthcare industry, workers are 2.5 times more probable to make a mistake than to maliciously exploit their access to information, with misdelivery and loss the most typical errors made in medical care.