Stolen credentials are the biggest security risk

Share post

The Verizon Data Breach Investigations Report 2022 (DBIR) examined 23.896 security incidents and 5.212 confirmed data breaches. He comes to one conclusion: Leaked and stolen access data are still the greatest security risk for companies.

From the analysis of the more than 100-page report, Patrick McBride, Chief Marketing Officer of Beyond Identity, has compiled the most important figures and offers tips on how companies can protect themselves from data leaks.

The 5 most important statistics from the Verizon DBIR

  • Stolen Passwords: The most popular method for attackers to gain access to a company's assets is through the use of leaked credentials: around 50 percent of security breaches are due to this, while phishing comes second with almost 20 percent.
  • Ransomware: The most common attack vector for ransomware was stolen credentials through desktop sharing software; and with ransomware up 13 percent year-over-year, the risks of credential theft continue to increase.
  • Leaked web applications: Over 80 percent of web application security breaches were caused by stolen credentials.
  • Motivation: Financial gain is still the main motive for criminals. More than 80 percent of hackers primarily want to make money with their attacks on companies of all sizes.
  • Human factor: Humans are still the weakest link in the security chain, as this year's report also shows: 82 percent of security breaches can be traced back to a human factor. Many people still fall for phishing scams or use previously stolen credentials.

The new Verizon report makes it clear, the majority of enterprise security breaches are still due to stolen credentials, and these open the door to phishing and ransomware campaigns for hackers. And even after they have managed to gain access to a company's systems, cybercriminals are mainly interested in stealing additional access data. Almost all common industries - education, hospitality, manufacturing, mining, quarrying, oil and gas exploration, and utilities - were equally affected.

Protect business and data effectively

Attacks with ransomware, leaked access data and phishing scams are now commonplace for companies. However, the following three security measures can minimize the risk of cyber attacks in the long term and help to protect sensitive data effectively against misuse:

  • Get rid of passwords: The report shows that passwords are the most common attack vector. Replacing them with alternative authentication methods can eliminate password-based attacks while increasing security.
  • Phishing-resistant multi-factor authentication (MFA): For too long, MFA solutions have relied on weak, easily bypassed, and hackable factors like passwords, SMS messages, and push notifications. Shifting to phishing-resistant MFA, using factors such as biometrics, cryptographic security keys, and user, device, and transaction security checks at the time of login, can ensure that authentication attempts are indeed legitimate.
  • "Never trust, always verify": This motto of the Zero Trust security principle is the basic requirement for a new security architecture in companies. It is not assumed that someone who can log in is also authorized to do so and can therefore access any resources in the network. Rather, the legitimacy of the user is repeatedly mistrusted and checked again and again.

Beyond Identity can use its know-how to help protect a company's network and resources with its unmanipulatable MFA. Everything from authentication to customizable risk policies to management controls is centralized in a single platform.

More at


About Beyond Identity

Beyond Identity provides the secure authentication platform, breaking down the barriers between cybersecurity, identity and device management, and fundamentally changing the way users log in - without passwords and with a frictionless, multi-step login process. Beyond password-free, the company offers zero-trust access for securing hybrid work environments where tight control over which users and which devices access critical cloud resources is essential.


Matching articles on the topic

Cybersecurity platform with protection for 5G environments

Cybersecurity specialist Trend Micro unveils its platform-based approach to protecting organizations' ever-expanding attack surface, including securing ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

The AI ​​Act and its consequences for data protection

With the AI ​​Act, the first law for AI has been approved and gives manufacturers of AI applications between six months and ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

DSPM product suite for Zero Trust Data Security

Data Security Posture Management – ​​DSPM for short – is crucial for companies to ensure cyber resilience against the multitude ➡ Read more

Data encryption: More security on cloud platforms

Online platforms are often the target of cyberattacks, such as Trello recently. 5 tips ensure more effective data encryption in the cloud ➡ Read more