What You Need to Know About Verizon’s 2022 Data Breach Investigations Report

May 27, 2022

The cybersecurity landscape continues to expand and evolve on a near-daily basis. This expansion is fueled by bad actors who create new tools to gain access to sensitive data, while security experts and researchers in world governments and private corporations attempt to anticipate threats and out-maneuver them.

The past year has been no exception, as ransomware use expanded and had its most impactful year in recent memory.

That, and more, is revealed in Verizon’s latest security breach report. The annual report, referred to as the Data Breach Investigations Report (DBIR), analyzes thousands of security incidents to determine causes and identify broader patterns.

Here’s one broad pattern worth mentioning: While infrastructure intrusion breaches (hacks, malware, and ransomware) were the most common type of data breach in 2021, they did not rank even in the top three as recently as 2019.

Here are other patterns worth mentioning:

  • Basic Web application attacks: Attacks against Web applications where the attacker is after the data.
  • Denial-of-service attacks: Network and application-layer attacks compromising the availability of networks and systems.
  • Privilege misuse: Involves unapproved or malicious use of legitimate privileges.
  • Social engineering: Tricking an individual into compromising the security of a device or data.
  • System intrusion: Attacks depending on malware (including ransomware) or hacking to compromise systems.

Additionally, ransomware accounted for 25 percent of the observed security incidents that occurred between November 1, 2020, and October 31, 2021, and was present in 70 percent of all malware infections. And ransomware outbreaks increased 13 percent year-over-year, a larger increase than the previous five years combined.

Verizon also estimates that 82 percent of breaches involved the human element, referring to human errors and misuse. The human element remains the biggest single exploit. We’ve hosted our own webinar on ransomware and the human element. It’s more poignant than ever.

System intrusions tend to be one of the more complex breaches because they consist of multiple different actions, such as social engineering, malware, and hacking. One reason for the spike in system intrusions may be the fact that supply chain and ransomware attacks increased dramatically this year, the researchers say.

The most common ways that attackers carry out data breaches (which are a type of system intrusion) include the use of command-and-control servers to execute commands, stolen credentials, malware deploying backdoors, and ransomware. The five most common attack vectors were third-party software, software updates, desktop sharing software, email, and Web applications.

Web application attacks, on the other hand, consist of two groups of actions as identified in Verizon’s dataset: gaining access to the server and to the payload itself.

Bad actors may attempt to steal credentials, exploit vulnerabilities, and brute-force passwords to gain access to a server. While the majority of these attacks focus on the Web application, attackers also rely on backdoors, remote injection, and accessing desktop sharing software to compromise the server.

The information in this year’s report is important, and we’d encourage you to read through it yourself.

But the main takeaway is this: Cyber threats are getting more serious, more costly, and harder to defend against. That’s why you need experts on your side. If you want to review your current security posture, contact Tigunia today.