The 15th!!! granddaddy of security incident surveys. Required reading for security folk. Cool data cuts by industry. And written by folks not afraid of riffs like, “if the slanted areas of two (or more) bars overlap, you can’t really say one is bigger than the other without angering the math gods.”
Anyone remotely involved in security.
There are four key paths leading to your estate: Credentials, Phishing, Exploiting vulnerabilities, and Botnets. All four are pervasive in all areas of the DBIR, and no organization is safe without a plan to handle each of them.
This year ransomware has continued its upward trend with an almost 13% rise, an increase as big as the last five years combined. It’s important to remember that while ubiquitous and potentially devastating, ransomware by itself is, at its core, simply a model of monetizing an organization's access. Blocking the four key paths mentioned above helps to block the common routes ransomware uses to invade your network.
2021 illustrated how one key supply chain incident can lead to wide-ranging consequences. Compromising the right partner is a force multiplier for threat actors. Unlike a financially motivated actor, nation-state threat actors may skip the breach altogether, and opt to simply keep the access to leverage at a later time.
Error continues to be a dominant trend, and is heavily influenced by misconfigured cloud storage. While this is the second year in a row that we have seen a slight leveling out for this pattern, the fallibility of employees should not be discounted.
The human element continues to drive breaches. Whether it is the use of stolen credentials, phishing or simply an error, people continue to play a large part in incidents and breaches alike.