The Verizon Data Breach Investigations Report 2022 (DBIR) examined 23.896 security incidents and 5.212 confirmed data breaches. He comes to one conclusion: Leaked and stolen access data are still the greatest security risk for companies.
From the analysis of the more than 100-page report, Patrick McBride, Chief Marketing Officer of Beyond Identity, has compiled the most important figures and offers tips on how companies can protect themselves from data leaks.
The 5 most important statistics from the Verizon DBIR
- Stolen Passwords: The most popular method for attackers to gain access to a company's assets is through the use of leaked credentials: around 50 percent of security breaches are due to this, while phishing comes second with almost 20 percent.
- Ransomware: The most common attack vector for ransomware was stolen credentials through desktop sharing software; and with ransomware up 13 percent year-over-year, the risks of credential theft continue to increase.
- Leaked web applications: Over 80 percent of web application security breaches were caused by stolen credentials.
- Motivation: Financial gain is still the main motive for criminals. More than 80 percent of hackers primarily want to make money with their attacks on companies of all sizes.
- Human factor: Humans are still the weakest link in the security chain, as this year's report also shows: 82 percent of security breaches can be traced back to a human factor. Many people still fall for phishing scams or use previously stolen credentials.
The new Verizon report makes it clear, the majority of enterprise security breaches are still due to stolen credentials, and these open the door to phishing and ransomware campaigns for hackers. And even after they have managed to gain access to a company's systems, cybercriminals are mainly interested in stealing additional access data. Almost all common industries - education, hospitality, manufacturing, mining, quarrying, oil and gas exploration, and utilities - were equally affected.
Protect business and data effectively
Attacks with ransomware, leaked access data and phishing scams are now commonplace for companies. However, the following three security measures can minimize the risk of cyber attacks in the long term and help to protect sensitive data effectively against misuse:
- Get rid of passwords: The report shows that passwords are the most common attack vector. Replacing them with alternative authentication methods can eliminate password-based attacks while increasing security.
- Phishing-resistant multi-factor authentication (MFA): For too long, MFA solutions have relied on weak, easily bypassed, and hackable factors like passwords, SMS messages, and push notifications. Shifting to phishing-resistant MFA, using factors such as biometrics, cryptographic security keys, and user, device, and transaction security checks at the time of login, can ensure that authentication attempts are indeed legitimate.
- "Never trust, always verify": This motto of the Zero Trust security principle is the basic requirement for a new security architecture in companies. It is not assumed that someone who can log in is also authorized to do so and can therefore access any resources in the network. Rather, the legitimacy of the user is repeatedly mistrusted and checked again and again.
Beyond Identity can use its know-how to help protect a company's network and resources with its unmanipulatable MFA. Everything from authentication to customizable risk policies to management controls is centralized in a single platform.
More at BeyondIdentity.com
About Beyond Identity
Beyond Identity provides the secure authentication platform, breaking down the barriers between cybersecurity, identity and device management, and fundamentally changing the way users log in - without passwords and with a frictionless, multi-step login process. Beyond password-free, the company offers zero-trust access for securing hybrid work environments where tight control over which users and which devices access critical cloud resources is essential.