Request a Demo of Tessian Today.

Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

State of Email Security 2022: Every Company’s Riskiest Channel |  Read the Full Report →

Email DLP, ATO/BEC

Key Takeaways from Verizon’s 2022 Data Breach Investigation Report

by John Filitz Thursday, May 26th, 2022

Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises.

Verizon just released its annual Data Breach Investigation Report for 2022. Some highlights include the most targeted industries, the role of human error, insight on social engineering and the devastating impact that insider risk poses to your organization. The report also reveals email as a significant attack vector, and the preferred method for delivering malicious payloads. Ransomware is becoming a protracted security challenge, so too is the role of supply chains and the risk posed by misconfiguration.

 

Keep reading for key findings from the report.

Industries and attacks vectors

 

Top 3 industry verticals that suffered a breach. Finance, Professional Services and Healthcare suffered the highest proportion of breaches for the year.

 

Human error remains a significant breach risk factor. 82% of breaches involved the human element – either due to compromised credentials, phishing, misuse or error.

 

Securing end-users and systems should be prioritized equally. The 4 main paths to a breach include:

 

  • Credential compromise
  • Phishing
  • Exploiting vulnerabilities
  • Botnets

Top 2 targeted IT assets. Web applications (56% of breaches) and mail servers (28%) are the two most targeted IT assets by threat actors.

Social engineering, insider risk and attack motivations

 

Social engineering attacks are growing in complexity. Phishing (+60%) remains the dominant method for executing social engineering attacks, followed by the use of stolen credentials (+30%) and pretexting (27%).

 

Protecting against threat actors is a complex challenge. External threat actors account for 80% of breaches, and insiders 20%.

 

Insider breaches are the most devastating from a records exposure perspective. Insider breaches result in 10:1 more compromised records being exposed than external breaches do.

 

Money heist. Financial or personal gain is the key motive for over 80% of external threat actors.

Email is a significant attack vector

 

Email is the most preferred channel for threat actors. Email remains the #1 delivery mechanism for malware, including ransomware.

 

Email attracts the greatest investment in the attacker value chain. Email development, email addresses and email distribution see the highest share of investment from threat actors for carrying out a breach.

 

Office docs are the preferred trojan horse. Office docs are the preferred file for delivering malicious payloads, usually delivered via email.

 

BEC attacks come in different flavors. Phishing was responsible for 41% of BEC attacks, while credential theft was responsible for 43%. And pretexting, a component of phishing, is becoming increasingly prominent, responsible for 27% of social engineering breaches.

 

Don’t take solace in low phish rates. Even low phish rates of less than 3% can have devastating impacts on large organizations in terms of total records compromised.

Additional key findings

 

Ransomware attacks are trending in the wrong direction. The scourge of ransomware is accelerating at an unprecedented pace, up 13% YoY, representing the equivalent annual increase of the past 5 years combined.

 

The integrity of supply chains is in sharp focus. Supply chains are responsible for 62% of system intrusions.

 

As IT complexity increases so too does misconfiguration risk.  In a cloud based world, misconfiguration remains a mainstay vulnerability, responsible for 13% of breaches.

To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo.

 

For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn

John Filitz Research Lead & Sr. Technical Writer