Key findings from the DBIR: The most common paths to enterprise estates

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

Today, Verizon released the 2022 Data Breach Investigations Report (DBIR), analyzing over 5,212 breaches and 23,896 security incidents. 

The report highlights that attackers have four key paths to enterprise estates; credentials, phishing, exploiting vulnerabilities, and malicious botnets. 

Hackers can use any of these entry points to gain access to a protected network and launch an assault. Generally, they’ll do this by exploiting the human element (including errors, miuse, and social engineering), which accounted for 82% of intrusions this year. 

More specifically, the research also shows that 50% of breaches revolve around remote access and web applications, while 25% were contributed to by social engineering, and credential reuse was involved in 45% of breaches. 

The new threat landscape: ‘breaches beget breaches’ 

One of the most important revelations of the report is that supply chain incidents are providing threat actors with the materials they need to access downstream enterprise’s systems, which explains why 97% of firms have reported being negatively impacted by a supply chain security breach in the past. 

Verizon’s DBIR suggests that threat actors use supply chain breaches because they act as a force multiplier, enabling them to breach upstream organizations and service providers before using the access and information they’ve gained to break into the systems of downstream organizations.  

Or as Senior Information Security Data Scientist on the Verizon Security Research Team, Gabriel Bassett describes it, “breaches beget breaches.” “Breaches at a partner can lead to your own breach, as with supply chain breaches. Access paths can be acquired by threat actors and sold on criminal marketplaces.”

Bassett explains that most of the time, hackers exploit the human element to gain initial access, through the use of phishing scams or credential theft and reuse. 

“After purchasing the access, the new attacker monetises it…