The data in the new Verizon Data Breach Investigations Report (DBIR) offers critical information on the current state of cybersecurity. After a year of data breaches and cyberattacks constantly dominating the headlines, this year’s report takes a closer look at what adversaries are looking for when trying to infiltrate companies and organizations. This year’s DBIR, the 15th edition, confirms what we’ve assumed: cyber threats are on the rise, and we must work together to improve our security posture. The findings compiled in the report are timely for the trained security researcher, but here are the three takeaways that I think are the most important.
Conducting the Symphony of Disruption
The most common action adversaries take to disrupt their target’s IT ecosystem is to launch denial-of-service (DoS) attacks, which flood a network with traffic or requests in the quest to bring it down. The 2022 DBIR says that 46% of all incidents were DoS attacks, followed by targeted remote access attacks, including backdoor and command-and-control-based attacks. Distracting and disrupting IT and security teams in this way can help adversaries obscure and bury the other hostile activities in their toolset as they seek initial access.
Ransomware, phishing, stolen credentials, and various other types of attacks round out the list, but one attack vector stands out from the rest: more than 60% of security incidents in the last year were carried out through a web application, according to data collected by Verizon in recent years.
Since web applications, closely followed by email, are where your organization most frequently connects to the Internet, it makes sense that they would be the primary vectors for threat actors trying to breach your environment. While a web application can fall victim to a skilled SQL injection attacker or to whatever exploit is at hand, email is the domain of virtually every employee in every organization. This is why social engineering played a role in nearly all of the 5,212 breaches recorded in the 2022 DBIR.
Is your human safe?
The 2022 DBIR highlights the importance of maintaining a strong security awareness program, which I believe is a critical element in securing an organization. Nearly 82% of all breaches recorded last year involved social engineering in some form, with threat actors preferring to phish their targets via email more than 60% of the time.
Although the DBIR found that only 2.9% of employees clicked on phishing emails last year, that’s more than enough for hackers to work with, especially if they can steal credentials or download the malware of their choice afterward. The bottom line for me is that there is a continuing trend for staff to report more phishing attempts and, more importantly, to report them after they have responded to a phishing email.
Building an organizational culture that allows staff to feel comfortable admitting they’ve been duped is a difficult task, because security awareness is traditionally a stick used to punish people and a metric used to tick security compliance checkboxes.
Security leaders must create a program that encompasses the whole organization and does not simply shame people for failing. For example, we need to create programs that don’t automatically “fail” someone for clicking a link, because that’s what links are for! A program that seeks to trick its own colleagues into failure is generally unproductive as an educational process and does almost nothing for the company’s security posture.
A good security awareness training program is consistent, specific, and narrow in scope to allow employees to learn and practice one security skill at a time. Avoiding information overload will keep employees engaged and prepared for emerging threats.
And finally, security awareness is not just a corporate project. Strong awareness and education will help staff become more aware of digital risks in their personal lives as well. Well-implemented security awareness programs take advantage of this blurring of work and personal life to encourage your staff to care about security.
The ransomware business is booming
Ransomware, to no one’s surprise, increased in frequency by 13% over the previous year, with nearly 70% of malware breaches involving some form of malware. The spectacular increase in ransomware attacks — as large as the increases of the past five years combined, according to the report — makes sense, since hackers looking to make a quick buck need only encrypt their target’s data rather than search for specific financial information or credentials within the environment.
The report also indicates that 40% of ransomware incidents last year involved the use of desktop sharing software. For example, cybercriminals used this tactic by exploiting vulnerabilities in Microsoft RDP, or simply by using weak or stolen user credentials. Meanwhile, 35% of ransomware incidents involved the use of email, leading researchers to recommend that organizations block their RDP and ensure their email is scanned for potential phishing attempts. How we are in 2022 and still being attacked through such a well-known attack vector as email is surely one of the biggest questions to come out of this report.
The DBIR is an excellent resource for the cybersecurity community to assess the past tumultuous 12 months, and the data it contains can be evaluated to predict trends in attack types, vectors, and hacker motivations over the next year. In 2021, adversaries made it clear that they were more focused on money than anything else, and with vulnerabilities doubling from the previous year, it’s a safe bet to say that, once again, cybersecurity fundamentals, in both IT hygiene and human engagement, will be the key to reducing the risk of damage and loss.