Verizon 2022 Data Breach Investigation Report

  • Published: Tuesday, May 31, 2022

Verizon's annual Data Breach Investigation Report (DBIR) is out! Key takeaways indicate that ransomware, supply-chain threats and human error are prevalent threats. Now in its fifteenth year, the Verizon DBIR is trusted and respected in cybersecurity for its annual reporting and analysis of incidents and breaches. You can download and read the full report, but here are some key findings.

This report is focused on 23,896 security incidents, of which 5,212 were confirmed data breaches. An incident is defined as a security event that compromises the integrity, confidentiality or availability of an information asset. A breach is an incident that results in the confirmed disclosure--not just potential exposure--of data to an unauthorized party (page 4).

The summary of findings notes that there are four key paths leading to your data: credentials, phishing, exploiting vulnerabilities and botnets. A plan to address each of these areas is recommended.

  • Ransomware attacks have increased by 13 percent.
  • Supply chain attacks were responsible for 62 percent of system intrusion.
  • Human error is accounts for 13 percent of breaches.
  • Stolen credentials, phishing, misuse or error by people caused 82 percent of breaches.
  • Denial of Service (DoS) activity represents 46 percent of total incidents.
  • Backdoor or command and control (C2) actions follow with 17 percent.

What type of data is compromised in a data breach? This report shows a decline in payment card data and attributes this decrease to the added security controls in the past few years. The top two data types now are credentials and personal data.

In terms of discovery time, it seems it is likely to detect a breach within days rather than months. Attackers are shortening the path in order to keep the defenders from blocking their access.

Affected industries are further evaluated beginning on page 49. In education services there are some interesting findings:

  • System intrusion, web application attacks and miscellaneous errors represent 80 percent of the breaches.
  • Of these threats, 75 percent are conducted by external actors and are financially motivated (95 percent).
  • Personal data (63 percent) and credentials (41 percent) are the targets.
  • The report recommends implementing CIS Controls v8 for Security Awareness and Skills Training (SDS 14), Access Control Management (CSC 6) and Secure Configuration of Enterprise Assets and Software (CSC 4).

Want to skip the full report? Here are some key pages to check out:
Page 6: Introduction
Page 7: Summary of findings
Pages 25-30: System Intrusion - 7,013 incidents, 1,999 confirmed data disclosure
Pages 33-35: Social Engineering - 2,249 incidents, 1,063 confirmed data disclosure
Pages 39-40: Miscellaneous errors - 715 incidents, 708 confirmed data disclosure
Pages 41-42: Denial of Service - 8,456 incidents, 4 confirmed data disclosure
Pages 47-48: Privilege Misuse - 275 incidents, 216 confirmed data disclosure
Pages 49-76: Highlight the incidents and breaches by industry
Pages 57-58: Educational Services<

Resources