
The human element is behind security breaches. We reviewed DBIR Verizon’s report on data breaches in 2022 and possible solutions

By Fernando Mateus. Posted 27 January, 2023.
In: About Kymatio, Cyber Insider News, Cyberpsychology, Employee Cyber Risk, Insider intelligence, Kymatio A&A - Assessment & Awareness, Kymatio Account Breach Scanner - ABS (Credentials Exposition), Kymatio Trickster (Attack Simulation), Strategic direction

The human element continues to drive security breaches.

In 2022, 82% of the breaches involved the human element.

This is stated in Verizon’s 2022 Data Breach Investigations Report (DBIR).

It has already been 15 years since Verizon’s first annual data breach investigation report was released. In the 2022 edition, the 108-page report analyzes more than 23,000 incidents and 5,200 confirmed breaches from all over the world.

The results of the Verizon study indicate the main causes of security breaches:

  • The use of exposed or stolen credentials
  • Impersonation
  • Misuse or simply a human error

DBIR 2022. Figure 1. The human component in leaks (n=4,110); each glyph represents 25 leaks.

It is clear that people continue to play a key role in both incidents and information security breaches.

DBIR. Relevant results

Breaches Involving Humans

82% of the breaches involved the human element, including social attacks, mistakes and misuse.

Ransomware

There was a 13% increase in ransomware breaches, more than in the last 5 years combined.

Supply Chain

In 62% of incidents, the pattern of intrusion into the system involved threat actors that compromised partners (supply chain).

Human cyber risk prevention services

Each risk element identified in the Verizon report has its own mitigation strategies, but fortunately Kymatio has services that allow us to automate employee risk management and the prevention and mitigation plans for:

  • The use of exposed or stolen credentials
  • Impersonation attacks
  • Misuse or simply a human error

Solutions. Use of exposed (or stolen) credentials


The use of stolen or compromised credentials is the most common cause of data breaches. Credentials were the main attack vector in 19% of the breaches in 2022 and also the main attack vector in 2021, causing 20% of the breaches.

Credentials, such as an email address or password, can fall into the hands of criminals through social engineering attacks, but often the source turns out to be a data breach of an online service.

In any case, to address this problem holistically, it is necessary to monitor the exposure of credentials. The results obtained can serve as a driver to launch two lines of work.

Work with exposed credentials, control line

Periodic and automated review of the exposure of credentials, typology of the exposed data and potential impact of the exposed information (combination of email address and password, IP, users…). The organization must know its level of exposure and work on it internally.

Work with exposed credentials, staff awareness line

One of the best practices for raising employee awareness is to show them, in addition to third-party examples and general information, real cases involving their own data.

For more information on how to manage and mitigate the risk of credentials stolen or compromised in third-party breaches, we recommend Kymatio Account Breach Scanner (ABS).

Solutions. Impersonation

Phishing is a good example to illustrate this risk. It is part of our day-to-day life in a world that has reached an advanced level of digitization in both the business and personal spheres.

Given this situation, it is essential to have a 360º attack simulation platform (phishing, spear phishing, smishing, malicious QR, etc.) that allows the training and simulation of cyberattacks.

The three main elements of this line of action are:

  • Measurement of the organization’s baseline with respect to its behavior against the different attack simulations.
  • Setting objectives to reduce human error. From the baseline data obtained, define a goal and coordinate efforts to achieve it in a set period so it is realistic and achievable.
  • Periodic training of the organization’s staff.

For more information on how to manage and mitigate the risk of spoofing, we recommend Kymatio Trickster.

Solutions. Misuse and human error (Awareness)

Social engineering, or people hacking, consists of psychologically compromising a person in such a way that their behavior can be altered, leading them to make decisions and take actions against their own interest and that of the organization, such as violating the confidentiality of data.

But, in many cases, what happens is simply a lack of awareness about security coupled with the lack of sensitivity about the importance of having a security culture.

The best way to work on this risk is a new-school security awareness program, reserving traditional e-learning for use once the gaps are known: a program that allows us to understand the areas each employee has to improve by determining all the elements that generate the HSG, or Human Security Gap.

Although this is not an easy task, there are methodologies and services that allow us to improve the situation along several lines:

  • Measurement of employee alertness and gaps.
  • Launch of personalized security awareness programs, aimed at the areas each employee individually needs to strengthen.
  • Confronting each person with specific situations, letting them choose the best alternative in each case, and measuring their evolution in each main security domain.
  • Deliver content that is agile, easy to consume (nano-micro content) and related to the necessary areas of knowledge.
  • Perform all of the above while respecting the employee’s time, in a flexible way.

To learn more about managing and mitigating the risk of misuse and human error, we recommend looking at how our services work together. Discover the Kymatio Assessment & Awareness program, the social engineering attack simulation training service (Kymatio Trickster, including NeuroPhishing) and credential exposure management with Kymatio Account Breach Scanner (ABS).


“At Smartick we have managed to reduce the number of human errors in simulated attacks by 80%”
David Rodriguez
