Human error tops causes of data breaches, says Verizon report

Human error continues to be a leading factor in data breaches, according to Verizon’s annual analysis of cyberattacks around the world.

That was one of the conclusions of the 2022 Verizon Data Breach Investigations Report, which looked at 23,896 incidents last year, 5,212 of which were confirmed breaches. The data came from 87 cybersecurity vendors, researchers and consultants.

Eighty-two per cent of breaches in 2021 involved the human element, the authors found. “Whether it is the use of stolen credentials, phishing, misuse, or simply an error, people continue to play a very large role in incidents and breaches alike,” the report says.

Mistakes alone were responsible for 14 per cent of breaches. “This finding is heavily influenced by misconfigured cloud storage,” the report adds. It doesn’t say explicitly, but this category would include misconfigured Amazon storage buckets.

Among the highlights (or lowlights, depending on your point of view):

  • ransomware has continued its upward trend, making up 25 per cent of breaches, an almost 13 per cent rise over 2022. That’s a rise as big as the past five years combined, the report says. “It’s important to remember that, while ubiquitous and devastating, ransomware by itself is, at its core, a model of monetizing an organization’s access,” the report adds. Blocking the abuse of credentials (stolen or brute-forced), keeping employees from falling for phishing, keeping attackers from exploiting vulnerabilities and blocking botnets are the best ways to thwart ransomware;
  • roughly 4 in 5 breaches can be attributed to organized crime, with external actors approximately four times more likely to cause breaches in an organization than insiders;
  • supply chain attacks were involved in 61 per cent of incidents last year. “Compromising the right partner is a force multiplier for threat actors,” the report noted. One of the best-known supply chain attacks in 2021 was the compromise of Kaseya’s VSA platform;
  • system intrusion was the leading cause of 1,638 breaches with confirmed data disclosure in Canada and the U.S. That was followed by social engineering and basic web application attacks. And globally, 62 per cent of system…