by Claire Harratt

Head of Managed Security Awareness Services


Verizon Data Breach Investigations Report 2022

This year's Verizon Data Breach Investigations Report (DBIR) was the 15th edition. It was originally created to give security practitioners a place to look for data-driven, real-world views on what commonly befalls companies with regard to cybercrime.

You can read the full report here: 2022 Data Breach Investigations Report | Verizon – click ‘view online’ and ‘view only’ to avoid submitting any personal details 😊. The summary of findings section is especially worth reading, but some quick takeaways are:

  • Analysed 23,896 incidents and 5,212 confirmed data breaches
  • 4 key attack vectors identified: Credentials, Phishing, Exploiting Vulnerabilities and Botnets
  • The increase in ransomware was as big as the last 5 years combined!
  • 82% of breaches involved the Human Element.

So how do you mitigate the main attack vectors and the threat of ransomware?

Policy & Process

If you haven’t already got one in place, Saepio highly recommend developing an Incident Response Policy. Ensure key processes are outlined and key responsibilities are defined. Practice for ransomware events by conducting table-top exercises and build out playbooks for different scenarios.

Technology

Fundamental security controls can mitigate much of the risk presented by the main attack vectors identified in the Verizon report. Ensure you have a vulnerability management tool in place that is constantly scanning your environment for vulnerabilities and prioritising the order in which you need to patch them. Use multi-factor authentication (MFA) for access to sensitive or critical business systems, and test the efficacy of your backup solution. Ensure you’re using a leading endpoint protection platform, and feed its events into a centralised security monitoring system that gives 24×7 alerting on incidents. Other controls are discussed in Saepio’s ransomware protection guide here: Ransomware Protection Guide – Saepio.

People

Implement a robust security awareness training programme, so that your staff are clued up on the common social engineering tactics cybercriminals use to compromise credentials, steal personal information and entice them to click on malicious links. If you don’t have the operational capacity to implement a training programme like this yourselves, then it makes sense to outsource to a third party to mitigate your risk.

 

Contact Us

If you would like further advice on any of the above, please contact your Saepio account manager or email hello@saepio.co.uk.