Verizon's 2022 Data Breach Investigations Report (DBIR) confirms that the human element continues to drive security breaches.
The 2022 edition is the fifteenth annual DBIR. Its 108 pages analyze more than 23,000 incidents and 5,200 confirmed breaches from around the world.
According to the Verizon data, the main human-related causes of security breaches are:
- The use of exposed or stolen credentials
- Impersonation (phishing and other social attacks)
- Misuse or simple human error
[Figure] DBIR 2022, Figure 1: The human element in breaches (n=4,110); each glyph represents 25 breaches.
It is clear that people continue to play a key role in both security incidents and confirmed breaches.
DBIR 2022. Key findings
82% of breaches involved the human element, including social attacks, errors and misuse.
Ransomware breaches rose by almost 13%, an increase as large as the previous five years combined.
62% of System Intrusion incidents involved threat actors compromising a partner (supply chain).
Human cyber risk prevention services
Each risk element identified in the Verizon report has its own mitigation strategies. Kymatio offers services that automate employee risk management, prevention and mitigation plans for each of them:
- The use of exposed or stolen credentials
- Impersonation attacks
- Misuse or simple human error
Solutions. Use of exposed (or stolen) credentials
The use of stolen or compromised credentials is the most common cause of data breaches. Credentials were the main attack vector in 19% of breaches in 2022, and also the main attack vector in 2021, when they caused 20% of breaches.
Credentials, typically an email address and password pair, can fall into criminals' hands through social engineering attacks, but the source very often turns out to be a data breach at a third-party online service.
In either case, addressing the problem holistically requires monitoring credential exposure. The results of that monitoring drive two lines of work.
Work with exposed credentials, control line
Periodic, automated review of credential exposure: which types of data are exposed (email address and password combinations, IP addresses, usernames, etc.) and the potential impact of each. The organization must know its level of exposure and act on it internally.
Work with exposed credentials, staff awareness line
One of the most effective awareness practices is to work with employees using real cases built on their own exposed data, in addition to third-party examples and general guidance.
For more information on managing and mitigating the risk of credentials stolen or compromised in third-party breaches, we recommend Kymatio Account Breach Scanner (ABS).
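The control line above needs an automated check that can be run periodically without shipping the organization's passwords (or even full hashes) to a third party. The following is an added example, not Kymatio's code nor the implementation of ABS: it demonstrates the k-anonymity range lookup used by Have I Been Pwned's Pwned Passwords service, where only the first five hex characters of the SHA-1 hash leave the host and the full suffix is compared locally. The range response body and the account list are constructed for the example; the only real value in them is the SHA-1 suffix of the string "password". Padding entries with a count of 0 are treated as "not exposed".

```python
import hashlib
import urllib.request
from typing import Callable, Dict, Iterable, Tuple

# Constructed stand-in for the body returned by a k-anonymity range endpoint
# (https://api.pwnedpasswords.com/range/<prefix>): one "SUFFIX:COUNT" line
# per known hash whose first five hex digits equal <prefix>. The first suffix
# is the real SHA-1 suffix of "password"; the other suffixes and every count
# are made up for this example. A count of 0 is a padding entry.
CONSTRUCTED_RANGE_5BAA6 = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
0A1B2C3D4E5F60718293A4B5C6D7E8F9A0B:0
FFEEDDCCBBAA99887766554433221100FFE:12
"""


def split_hash(password: str) -> Tuple[str, str]:
    """Return (prefix, suffix) of the upper-case hex SHA-1 of the password.

    Only the 5-character prefix is ever sent to the remote service; the
    35-character suffix stays on this host and is matched locally.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dict, tolerating CRLF and blank lines."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def offline_fetch_range(prefix: str) -> str:
    """Offline replacement for the HTTP lookup, backed by the constructed data."""
    return CONSTRUCTED_RANGE_5BAA6 if prefix == "5BAA6" else ""


def http_fetch_range(prefix: str) -> str:
    """Live lookup of one hash-prefix range (network required; not used in tests).

    'Add-Padding: true' asks the service to pad the response with dummy
    entries so response size does not reveal which range was requested.
    """
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"Add-Padding": "true", "User-Agent": "credential-exposure-review"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def exposure_count(password: str,
                   fetch_range: Callable[[str], str] = offline_fetch_range) -> int:
    """How many times the password's hash appears in the breach corpus (0 = not seen)."""
    prefix, suffix = split_hash(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)


def review_accounts(accounts: Iterable[Tuple[str, str]],
                    fetch_range: Callable[[str], str] = offline_fetch_range) -> Dict[str, dict]:
    """Control-line review: flag accounts whose password is in the breach corpus.

    Neither the email address nor the password nor the full hash leaves the host.
    """
    report = {}
    for email, password in accounts:
        seen = exposure_count(password, fetch_range)
        report[email] = {"exposed": seen > 0, "seen": seen}
    return report


if __name__ == "__main__":
    # Constructed account list for the example.
    sample = [("alice@example.com", "password"), ("bob@example.com", "zz")]
    for email, result in review_accounts(sample).items():
        print(email, "EXPOSED" if result["exposed"] else "ok", result["seen"])
```

In production the `fetch_range` argument would be `http_fetch_range`, and the review would run from a password hash store rather than plaintext; the point of the design is that the remote side learns only a five-character prefix shared by hundreds of hashes.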
Solutions. Impersonation
Phishing is a good example of this risk. It is part of everyday life now that both business and personal activity have reached an advanced level of digitization.
It is therefore essential to have a 360º attack simulation platform (phishing, spear phishing, smishing, malicious QR codes, etc.) that supports both training and realistic simulated attacks.
The three main elements of this line of action are:
- Measuring the organization's baseline: how staff behave when faced with the different simulated attacks.
- Setting objectives to reduce human error: starting from the baseline data, define a goal and coordinate efforts to reach it within a set period, so that it is realistic and achievable.
- Periodic training of the organization's staff.
Solutions. Misuse and human error (Awareness)
Social engineering, or people hacking, consists of psychologically compromising a person so that their behaviour can be altered, leading them to make decisions and take actions against their own interest and that of the organization, such as breaching the confidentiality of data.
In many cases, however, the cause is simply a lack of security awareness combined with little appreciation of the importance of a security culture.
The best way to work on this risk is a new-school security awareness program, with traditional e-learning reserved for after the gaps are known: a program that identifies the areas each employee needs to improve by determining the elements that make up their HSG, or Human Security Gap.
This is not an easy task, but there are methodologies and services that improve the situation along several lines:
- Measuring each employee's alertness and gaps
- Launching personalized awareness programs aimed at the areas each individual employee needs to strengthen
- Confronting each person with specific situations, asking them to choose the best response in each case, and measuring their progress in each main security domain
- Delivering content that is agile, easy to consume (nano- and micro-content) and tied to the required areas of knowledge
- Doing all of the above flexibly, respecting the employee's time
To learn more about managing and mitigating the risk of misuse and human error, we recommend seeing how our services work together: the Kymatio Assessment & Awareness program, the social engineering attack simulation training service (Kymatio Trickster, including NeuroPhishing) and credential exposure management with Kymatio Account Breach Scanner (ABS).