Mon. Jun 27th, 2022
    en flag
    nl flag
    et flag
    fi flag
    fr flag
    de flag
    he flag
    ja flag
    lv flag
    pl flag
    pt flag
    es flag
    uk flag

    Content Assessment: Friends in Low Places? The 2022 Data Breach Investigations Report from Verizon

    Information - 96%
    Insight - 98%
    Relevance - 95%
    Objectivity - 97%
    Authority - 96%

    96%

    Excellent

    A short percentage-based assessment of the qualitative benefit of the 15th Annual Verizon Data Breach Investigations Report (DBIR).

    Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from cyber, data, and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.

    To submit recommendations for consideration and inclusion in ComplexDiscovery’s cyber, data, and legal discovery-centric service, product, or research announcements, contact us today.


    Background Note: Gain vital cybersecurity insights from the analysis of over 23,000 incidents and 5,200 confirmed breaches from around the world and shared by Verizon in the 15th Annual Verizon Data Breach Investigations Report. Presented to help minimize risk and keep businesses safe, the results of this comprehensive report may be beneficial for cybersecurity, information governance, and legal discovery professionals operating in the eDiscovery ecosystem and seeking to better understand data breach problems, pulse rates, and projections.

    Industry Report*

    15th Annual Verizon Data Breach Investigations Report

    By Gabriel Bassett, C. David Hylender, Philippe Langlois, Alex Pinto, and Suzanne Widup

    Executive Summary Extract

    As introduced in the 2018 report, the DBIR provides “a place for security practitioners to look for data-driven, real-world views on what commonly befalls companies with regard to cybercrime.” For this, our 15th-anniversary installment, we continue in that same tradition by providing insight into what threats your organization is likely to face today, along with the occasional look back at previous reports and how the threat landscape has changed over the intervening years.

    Speaking of change, the past year has been extraordinary in a number of ways, but it was certainly memorable with regard to the murky world of cybercrime. From very well-publicized critical infrastructure attacks to massive supply chain breaches, the financially motivated criminals and nefarious nation-state actors have rarely, if ever, come out swinging the way they did over the past 12 months. As in past years, we will examine what our data has to tell us about these and other common action types used against enterprises. This year we looked at 23,896 incidents, 5,212 of which were confirmed breaches. This data represents actual real-world breaches and incidents investigated by the Verizon Threat Research Advisory Center (VTRAC) or provided to us by our 87 global contributors, without whose generous help this document could not be produced. We hope that you can use this report and the information it contains to increase your awareness of the most common tactics used against organizations at large and against your specific industry, and what you can do to protect your company and its assets. While we routinely compare and contrast trends in the report, this year, in honor of the 15th publication, we attempt as often as possible to illustrate how tactics have evolved over the years.

    Key Takeaways

    • There are four key paths leading to your estate: Credentials, Phishing, Exploiting vulnerabilities, and botnets. All four are pervasive in all areas of the DBIR, and no organization is safe without a plan to handle each of them.
    • This year, ransomware has continued its upward trend with an almost 13% increase (for a total of 25% of breaches)—a rise as big as the past five years combined. It’s important to remember that, while ubiquitous and devastating, ransomware by itself is, at its core, a model of monetizing an organization’s access. Blocking the four key paths mentioned above helps to block the most common routes ransomware uses to invade your network.
    • 2021 illustrated how one key supply chain breach can lead to wide-ranging consequences. Supply chain was involved in 61% of incidents this year. Compromising the right partner is a force multiplier for threat actors. Unlike a financially motivated actor, nation-state threat actors may skip the breach altogether and opt to simply leverage the access.
    • Error continues to be a dominant trend and is responsible for 14% of breaches. This finding is heavily influenced by misconfigured cloud storage. While this is the second year in a row that we have seen a slight leveling out for this pattern, the fallibility of employees should not be discounted.
    • The human element continues to drive breaches. This year, 82% of breaches involved the human element. Whether it is the Use of stolen credentials, Phishing, Misuse, or simply an Error, people continue to play a very large role in incidents and breaches alike.

    Read the original overview.


     Executive Summary: 15th Annual Verizon Data Breach Investigations Report (PDF) – Mouseover to Scroll

    2022 Data Breach Investigations Report - Executive Summary

    Read the original summary.


    Complete Report: 15th Annual Verizon Data Breach Investigations Report (PDF) – Mouseover to Scroll

    2022 Data Breach Investigations Report DBIR

    Read the original report.


    *Shared with direct express written permission from Verizon CEO for Communications, Office of the CEO.

    Publication Source: Verizon. (2022). 15th Annual Verizon Data Breach Investigations Report. Verizon. Retrieved from https://www.verizon.com/business/resources/reports/2022/dbir/2022-data-breach-investigations-report-dbir.pdf. [Accessed 6 June 2022]

    Additional Reading

    Source: ComplexDiscovery

     

    Have a Request?

    If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

    ComplexDiscovery is an online publication that highlights cyber, data, and legal discovery insight and intelligence ranging from original research to aggregated news for use by cybersecurity, information governance, and eDiscovery professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data, and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

    ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data, and legal discovery organizations. Focused primarily on supporting the ComplexDiscovery publication, the company is registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world. The company operates virtually worldwide to deliver marketing consulting and services.

    Early Lessons from the Cyber War: A New Microsoft Report on Defending Ukraine

    According to a new report from Microsoft, the Russian invasion relies...

    From Continuity to Culture? Preserving and Securing Ukrainian Public and Private Sector Data

    Highlighted by ComplexDiscovery prior to the start of the current Ukrainian...

    Considering Access Control Policy Models? Blockchain for Access Control Systems (NIST)

    As current information systems and network architectures evolve to be more...

    Friends in Low Places? The 2022 Data Breach Investigations Report from Verizon

    The 15th Annual Data Breach Investigations Report (DBIR) from Verizon looked...

    TCDI to Acquire Aon’s eDiscovery Practice

    According to TCDI Founder and CEO Bill Johnson, “For 30 years,...

    Smarsh to Acquire TeleMessage

    “As in many other service industries, mobile communication is ubiquitous in...

    A Milestone Quarter? DISCO Announces First Quarter 2022 Financial Results

    According to Kiwi Camara, Co-Founder and CEO of DISCO, “This quarter...

    New from Nuix? Macquarie Australia Conference 2022 Presentation and Trading Update

    From a rebalanced leadership team to three concurrent horizons to drive...

    On the Move? 2022 eDiscovery Market Kinetics: Five Areas of Interest

    Recently ComplexDiscovery was provided an opportunity to share with the eDiscovery...

    Trusting the Process? 2021 eDiscovery Processing Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    The Year in Review? 2021 eDiscovery Review Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    A 2021 Look at eDiscovery Collection: Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    Five Great Reads on Cyber, Data, and Legal Discovery for June 2022

    From eDiscovery ecosystem players and pricing to data breach investigations and...

    Five Great Reads on Cyber, Data, and Legal Discovery for May 2022

    From eDiscovery pricing and buyers to cyberattacks and incident response, the...

    Five Great Reads on Cyber, Data, and Legal Discovery for April 2022

    From cyber attack statistics and frameworks to eDiscovery investments and providers,...

    Five Great Reads on Cyber, Data, and Legal Discovery for March 2022

    From new privacy frameworks and disinformation to business confidence and the...

    Hot or Not? Summer 2022 eDiscovery Business Confidence Survey

    Since January 2016, 2,701 individual responses to twenty-six quarterly eDiscovery Business...

    Inflection or Deflection? An Aggregate Overview of Eight Semi-Annual eDiscovery Pricing Surveys

    Initiated in the winter of 2019 and conducted eight times with...

    Feeding the Frenzy? Summer 2022 eDiscovery Pricing Survey Results

    Initiated in the winter of 2019 and conducted eight times with...

    Surge or Splurge? Eighteen Observations on eDiscovery Business Confidence in the Spring of 2022

    In the spring of 2022, 63.5% of survey respondents felt that...