Key findings from the DBIR: The most common paths to enterprise estates

We’re excited to bring Transform 2022 back to life on July 19th and virtually July 20-28. Join AI and data leaders for sensible conversations and exciting networking opportunities. Register today!

Today, Verizon released the 2022 Data Violation Investigation Report (DBIR), which analyzed more than 5,212 violations and 23,896 security incidents.

The report shows that the attackers had four main routes to the enterprise estate; Identity card, phishing, exploitation of vulnerabilities and malicious botnets.

Hackers can use any of these entry points to gain access to a secure network and to attack. In general, they will do this by exploiting the human element (including errors, abuse, and social engineering), which is responsible for 82% of infiltration this year.

More specifically, research has also shown that 50% of breaches revolve around remote access and web applications, while 25% were contributed by social engineering, and 45% of breaches involved identity card reuse.

New threat landscape: ‘Breaking breaks’

One of the report’s most important revelations is that supply chain events provide risky actors with the materials they need to access downstream enterprise systems, explaining why 97% of companies have reported negative impacts by supply chain security breaches in the past. .

Verizon’s DBIR suggests that hazardous artists use supply chain breaches because they act as a force multiplier, enabling them to breach upstream organizations and service providers before using access and information gained to enter downstream organizations’ systems.

Or as a senior information security data scientist on the Verizon Security Research Team, Gabriel Bassett describes it as “breach.” “Violations on a partner can lead to your own breach, such as with a supply chain breach. Access paths can be obtained by risky actors and sold on criminal markets.

Bassett explains that for the most part, hackers exploit the human element to gain early access through phishing scams or identity card theft and reuse.

“After purchasing Access, the new attacker monetizes it with other breaches, often with ransomware (a 13% increase in breaches this year, more than combined in the last 5 years,” Bassett said.

Reflect on DBIR: Best practices for adventures

While minimizing the human element can be challenging for organizations, Bassett highlights some of the key tools that enterprises have at their disposal to secure the four avenues of access to their assets.

Simple steps such as deploying two-factor authentication and providing users with password managers to avoid re-identification can reduce the likelihood that attackers will be able to exploit weak passwords to gain access to internal systems.

Similarly, organizations can reduce phishing by implementing robust mail filters and developing explicit phishing reporting processes, so that security teams are ready to take action whenever users report suspicious emails, while using antivirus tools to prevent botnet threats and endnake malicious software. Preventing infection.

Then for vulnerability management, organizations can develop a recurring asset management process, the vendor can install patches whenever possible, and not try to patch a new issue every time it comes up.

Above all, the key to a successful defense is efficiency. “An important point for organizations is that attackers have repetitive processes for all of these methods of access. Attackers are efficient in these attacks so we have to be efficient in our defense.”

Venturebeat’s mission Digital Town Square is set to become a place for technical decision makers to gain knowledge about the changing enterprise technology and practices. Learn more about membership.

Similar Posts

Leave a Reply

Your email address will not be published.