Wednesday, 25 May 2022

KordaMentha is pleased to announce we have partnered with Verizon as a contributor to the 2022 Data Breach Investigations Report (DBIR).

This year’s DBIR highlights the continued spike in ransomware breaches, which increased by 13% in a single year - a jump bigger than the previous five years combined. As attackers attempt to use more sophisticated malware, ransomware has proven particularly effective at exploiting and monetising unauthorised access to private information.

The report identifies that people are still the weakest link in an organisation's cybersecurity defences. Social engineering attacks such as phishing accounted for 25% of total breaches in the 2022 report. When you add human errors and misuse of privileges, the human aspect accounts for 82% of examined breaches during the past year. 

This is the 15-year anniversary of the DBIR and the first time KordaMentha has worked with Verizon to contribute anonymised incident and breach data from the Cybersecurity and Forensic Technology practice. KordaMentha is proud to be one of the Australian-based organisations contributing data to the global incident and breach dataset. The goal of the DBIR is to provide real-world data on how security breaches happen, who is behind them and what common mistakes victims make – this information can then be used to help organisations avoid becoming the victim of a cybersecurity incident or data breach.

Key findings  

  1. There are four key paths that lead to a data breach: Credentials, Phishing, Exploiting Vulnerabilities and Malicious Botnets. All four key paths are present throughout the report's findings, and no organisation can be protected unless it has a plan in place to deal with each of them.
  2. Ransomware has increased by over 13% (to a total of 25% of breaches), which is a rise as large as the previous five years combined. By blocking the four critical paths outlined above, you may prevent ransomware from infiltrating your network. 
  3. The supply chain attacks that occurred in 2021 had far-reaching implications and the report indicates that the supply chain was involved in 62% of system intrusion incidents. 
  4. Data breaches are often caused by the human element. People continue to play a significant role in incidents and breaches, whether it is using stolen credentials, phishing, misuse, or an error. Errors, including misconfiguration and misdelivery, are now a major trend in breaches, accounting for 14% of all breaches. Misconfigured cloud storage has a significant impact on this result.

The report breaks down the findings by industry vertical and geographic region, which enables organisations to be acutely aware of what is most likely to impact them. Key takeaways for the Asia-Pacific (APAC) region, along with the Financial and Healthcare sectors, are summarised below.


Attackers with financial motivation were associated with 81% of incidents in APAC. However, state-affiliated and nation-state actors with the goal of espionage were also common. The use of stolen credentials was the most common action, and it was utilised to compromise web applications in 60% of incidents. The number of social attacks in APAC is almost double that of other locations, and they mostly consist of phishing incidents, which further highlights that the human element is a large concern in the region.

Finance and Insurance 

Financial institutions continue to be targets of financially motivated organised crime, which often takes the form of social engineering (phishing), hacking (using stolen credentials), and malware (ransomware). Interestingly, misdelivery (which is delivery of sensitive information to the wrong recipient) is seen occurring more in the Finance and Insurance market than in any other.


Healthcare has increasingly become a target of both routine hacking assaults and more devastating ransomware campaigns. Compromise of web applications has overtaken miscellaneous errors in the Healthcare vertical and is now causing the most breaches, although errors are still a significant problem.

About the report 

The 2022 DBIR analysed 23,896 security incidents, of which 5,212 were confirmed breaches. The report is based on real-world data that was obtained from 87 contributing partner organisations from around the globe. This is the largest number of contributors in the report's 15-year existence. Contributors range from law enforcement agencies to cybersecurity firms to CERTs and ISACs, and government agencies from several countries.

You can obtain a copy of the 2022 Data Breach Investigations Report here.