Verizon 2022 Data Breach Investigations Report
This week, Verizon released its Data Breach Investigations Report (DBIR), marking 15 years of the annual report. In the report, Verizon highlighted its analysis of more than 5,212 breaches and 23,896 security incidents, finding that attackers have four key paths to enterprise estates: credentials, phishing, exploiting vulnerabilities, and malicious botnets.
They go on to state that hackers exploit the human element (including errors, misuse and social engineering). Combining this element with the entry points above, hackers gain access to organizations to launch their attacks. In fact, Verizon states that 82% of intrusions this year were related to that human element, which included errors, misuse, and social engineering. In addition, the Verizon research broke down the factors leveraged in a breach:
- 45% were related to credential reuse
- 25% were related to social engineering
- 50% were related to remote access and web applications
The takeaway here is that humans (i.e., employees) are still the weak link in the security chain. Why? Because users continue to click malicious links, and they continue to “lose” or give away their credentials. Users are still making poor security decisions and, as a result, hackers are gaining access to applications, systems, and data. While that is likely not a surprise to anyone, the numbers make this abundantly clear, as they do most years. And while these reports can be all doom and gloom, fear not: it’s not all bad, because there are ways to fix the problem.
While eliminating the human element sounds challenging for organizations, there are options. Verizon recommends the usual approaches to some of these problems, such as deploying two-factor authentication and/or implementing password managers for users, all in an effort to avoid the impact that credentials introduce. This approach can reduce the likelihood of attackers being able to exploit poor passwords to gain access to applications, systems, and data. These capabilities have been available and in production for years, but we are still seeing similar numbers year over year from reports like this year’s DBIR.
Let’s focus on credentials. Why? If you do a quick search for the term in the report, it appears 86 times! With that in mind, the report states: “Unfortunately, if you can access the asset directly over the internet simply by entering the credentials, so can the criminals.” So if we can improve upon authenticating users without the use of credentials, then I’d argue organizations will be better for it.
How can the use of credentials be improved beyond the recommendations? By eliminating as many of them as possible. But how? It sounds complicated and even impossible! But that’s simply not the case. Take, for instance, what 1Kosmos customers can do. Our customers systematically replace credentials with real biometrics that are matched to a verified digital identity, and it works across all operating systems including Microsoft, Mac, Unix, and Linux.
How can credentials be replaced? With identity. By combining identity verification with access management, organizations can eliminate credentials, especially passwords, and therefore prevent most of the 82% of intrusions caused by humans. This would then free up organizations to focus on other areas that inject more security risk.
Hopefully, more organizations will take this approach and next year we’ll see a decline in these human-based errors.