May 25, 2022 by Jesus Vigo

2022 Verizon Data Breach Investigations Report Summary

Marking its fifteenth year, Verizon’s Data Breach Investigations Report analyzes data breach demographics spread across multiple industry verticals, providing results based on breach cases and incidents reviewed. The data gleaned from its analysis provides organizations insight into what threat types are driving attacks and how trends play a significant role over time in security. Additional guidance is provided based on quantifiable data from industry leaders, such as Jamf. Verizon also includes security recommendations, indicators of compromise and next steps to take after a breach has been identified, from very small businesses to large enterprises.

What is the Data Breach Investigations Report?

Since 2008 Verizon has been conducting its annual Data Breach Investigations Report (DBIR) and 2022 marks the 15th anniversary since they began gathering information on data breach incidents and cases from industry verticals across the globe.

In this fifteen-year stretch, Verizon has accumulated nearly nine terabytes of data spanning close to 250,000 breaches and almost 1,000,000 unique security incidents, providing analytical, contextual and historical findings relating to the vectors that allow for threats and attacks to occur.

Not only does this data allow Verizon to quantify how vulnerabilities directly relate to threats, but the data supports granularly assessing how multiple industries are affected differently, as well as how attacks may differ by geographical region across:

Asia Pacific
Europe, Middle East and Africa
Northern America
Latin America and the Caribbean

“For anyone interested in learning more about modern attack techniques, the data attackers are chasing, and the industries impacted over the past year, there’s no better source for real-world data than the DBIR,” said Michael Covington, VP of Portfolio Strategy at Jamf.

Key findings:

The DBIR is a treasure trove of insights into the current state of the threat landscape. Some highlights from this year’s report include the following:

People play a very large role in the breakdown of systems. 82% of the breaches reported in the 2022 DBIR involved the use of stolen credentials, phishing, or simply human-made errors. [p8]
External attackers are consistently recognized as the leading cause of data breaches, despite the commonly held belief that insider incidents are common. [p11]
90% of cases involving stolen devices cannot be classified as breaches because organizations lack the tools or insights to confirm data compromise. [p44]
Mobile-related incidents were highlighted for the first time with a dedicated section [p45] that puts a spotlight on hybrid work threats like (a) 58% of mobile devices had at least one malicious URL clicked; (b) one-fifth of phishing successes came from a mobile device.

How does DBIR help organizations with security?

Furthering the purpose of their findings, Verizon partners with industry leaders in information security to provide guidance on how organizations can better protect themselves, their users and their sensitive/critical data by incorporating the A4 grid by VERIS:

Determining who is behind an attack (Actor)
Analyzing the types of attacks being conducted (Action)
Evaluating what resources are being targeted (Asset)
Identifying any variables pertaining to assets (Attributes)

Armed with the results from breaches that have occurred and pairing it with expert testimonials from trusted partners, such as Jamf, the only Apple-focused security solutions partner to be included in the DBIR, the information proves itself invaluable to organizations as they plan for protecting themselves against potential attacks targeting them and/or their industry.

Accommodation and Food Services
Arts, Entertainment and Recreation
Educational Services
Financial and Insurance
Healthcare
Information
Manufacturing
Mining, Quarrying, and Oil & Gas Extraction + Utilities
Professional, Scientific and Technical Services
Public Administration
Retail

What if you’re not a large-scale enterprise?

For the first time, the DBIR highlights security-based threats facing very small businesses. What classifies a very small business? Any company within any industry with ten employees or less.

Often, leaner organizations or those that operate at a smaller scale than larger-scale operations are affected by numerous factors, such as access to adequate security controls, limited financial resources and/or support availability when having suffered a breach or attempting to determine the next steps on the path of remediation.

Yet, while smaller organizations may be at a disadvantage in staving off threats and responding to data breaches, they are not limited by the scope or scale with which bad actors will attack their organization. In other words, the size of the threat does not equal the size of the company, making for difficult waters to navigate. In this version of the DBIR, Verizon includes guidance aimed specifically at very small businesses in a concerted effort to provide guidance on securing company resources and protecting them against security threats, such as:

Highlighting threats and trends aimed at this market segment
Basic security recommendations for securing endpoints
Indicators of compromise that signal if they’re victims of cybercrime
Next steps, including information on who to contact if a breach has been suffered