
The human element is behind security breaches. We reviewed DBIR Verizon’s report on data breaches in 2022 and possible solutions

By Fernando Mateus
In: About Kymatio, Cyber Insider News, Cyberpsychology, Employee Cyber Risk, Insider intelligence, Kymatio A&A - Assessment & Awareness, Kymatio Account Breach Scanner - ABS (Credentials Exposition), Kymatio Trickster (Attack Simulation), Strategic direction
Posted 27 January, 2023

The human element continues to drive security breaches.

In 2022, 82% of the breaches involved the human element.
DBIR 2022 Verizon

This is stated in Verizon's 2022 Data Breach Investigations Report (DBIR).

It has already been 15 years since Verizon’s first annual data breach investigation report was released. In the 2022 edition, the 108-page report analyzes more than 23,000 incidents and 5,200 confirmed breaches from all over the world.

The results of the Verizon study indicate the main causes of security breaches:

  • The use of exposed or stolen credentials
  • Impersonation
  • Misuse or simple human error

DBIR 2022. Figure 1. The human element in breaches (n=4,110); each glyph represents 25 breaches.

It is clear that people continue to play a key role in both incidents and information security breaches.

DBIR. Relevant results

Breaches Involving Humans

82% of the breaches involved the human element, including social attacks, mistakes and misuse.

Ransomware

There was a 13% increase in ransomware breaches, more than in the last 5 years combined.

Supply Chain

In 62% of incidents, the pattern of intrusion into the system involved threat actors that compromised partners (supply chain).

Human cyber risk prevention services

Each risk element indicated by the Verizon report has its own mitigation strategies, but fortunately Kymatio has services that allow us to automate employee risk management and the prevention and mitigation plans for:

  • The use of exposed or stolen credentials
  • Impersonation attacks
  • Misuse or simple human error

Solutions. Use of exposed (or stolen) credentials


The use of stolen or compromised credentials is the most common cause of data breaches. Credentials were the main attack vector in 19% of the breaches in 2022 and also the main attack vector in 2021, causing 20% of the breaches.

Credentials, such as an email address or password, can fall into the hands of criminals through social engineering attacks, but often the source turns out to be a data breach of an online service.

In any case, to address this problem holistically, it is necessary to monitor the exposure of credentials. The results obtained can serve as a driver to launch two lines of work.

Work with exposed credentials, control line

Periodic and automated review of the exposure of credentials, typology of the exposed data and potential impact of the exposed information (combination of email address and password, IP, users…). The organization must know its level of exposure and work on it internally.

Work with exposed credentials, staff awareness line

One of the best practices for raising employee awareness is to work with them directly: in addition to third-party examples and general information, show them real cases involving their own data.

For more information on how to manage and mitigate the risk of credentials stolen or compromised in third-party breaches, we recommend Kymatio Account Breach Scanner (ABS).

Solutions. Impersonation


Phishing is a good example to illustrate this risk. It is part of our day-to-day life in a world that has reached an advanced level of digitization in both the business and personal spheres.

Given this situation, it is essential to have a 360º attack simulation platform (phishing, spear phishing, smishing, malicious QR, etc.) that allows the training and simulation of cyberattacks.

The three main elements of this line of action are:

  • Measurement of the organization’s baseline with respect to its behavior against the different attack simulations.
  • Setting objectives to reduce human error. From the baseline data obtained, define a goal and coordinate efforts to achieve it in a set period so it is realistic and achievable.
  • Periodic training of the organization’s staff.

For more information on how to manage and mitigate the risk of spoofing, we recommend Kymatio Trickster.

Solutions. Misuse and human error (Awareness)


Social engineering, or people hacking, consists of psychologically compromising a person so that their behavior can be altered, leading them to make decisions and take actions against their own interest and that of the organization, such as violating the confidentiality of data.

But in many cases, what happens is simply a lack of security awareness coupled with a lack of sensitivity to the importance of having a security culture.

The best way to work on this risk is a new-school security awareness program, reserving traditional e-learning to be applied once the gaps are known: a program that lets us understand the areas each employee has to improve by determining all the elements that generate the HSG, or Human Security Gap.

Although this is not an easy task, there are methodologies and services that allow us to improve the situation along different lines:

  • Measurement of employee alertness and gaps.
  • Launch of personalized security awareness programs, aimed at the areas that need strengthening for each employee on an individual basis.
  • Confronting each person with specific situations, letting them choose the best alternative in each case, and measuring their evolution in each main security domain.
  • Deliver content that is agile, easy to consume (nano-micro content) and related to the necessary areas of knowledge.
  • Perform all of the above while respecting the employee’s time, in a flexible way.

To learn more about managing and mitigating the risk of misuse and human error, we recommend looking at how our services work together. Discover the Kymatio Assessment & Awareness program, the social engineering attack simulation training service (Kymatio Trickster, including NeuroPhishing) and credential exposure management with Kymatio Account Breach Scanner (ABS).

Human Error Reduction

“At Smartick we have managed to reduce the number of human errors in simulated attacks by 80%”
David Rodriguez
