Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content.
You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Managing your cookies

Our website uses cookies. You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button.

Necessary cookies

These are essential for the user navigation and allow to give access to certain functionalities such as secured zones accesses. Without these cookies, it won’t be possible to provide the service.
Matomo on premise

Marketing cookies

These cookies are used to deliver advertisements more relevant for you, limit the number of times you see an advertisement; help measure the effectiveness of the advertising campaign; and understand people’s behavior after they view an advertisement.
Adobe Privacy policy | Marketo Privacy Policy | MRP Privacy Policy | AccountInsight Privacy Policy | Triblio Privacy Policy

Social media cookies

These cookies are used to measure the effectiveness of social media campaigns.
LinkedIn Policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Skip to main content

Six key findings from the 2022 Data Breach Investigations Report (DBIR)

Knowledge is power. With the right threat information, you will know what attacks to expect and how you can best defend against them. And Verizon’s Data Breach Incident Report (DBIR) has consistently provided excellent, actionable threat information that can guide your security program and protect your organization.

Today, Verizon released their 2022 edition of the DBIR. This report is their 15th annual report, and it’s their most comprehensive report yet. It analyzes 5,212 breaches in 2021, which occurred within organizations spread across 11 different verticals and four large regions.

Let’s quickly dig into a few initial impressions and insights from this report.

First Reaction: The report’s 6 key findings

Soon, we will provide an in-depth breakdown of the report. Today, we’ll quickly outline six key findings from the report worth immediate consideration.

1. Supply chain security matters

The report found that just one supply chain breach in late 2020 was enough to shift an entire year’s breach demographics to a meaningful degree. This demonstrates how a single breached vendor can compromise countless customers and why it’s critical to monitor and defend against incidents coming from your vendors.

The DBIR report found that just one supply chain breach in late 2020 was enough to shift an entire year’s breach demographics to a meaningful degree.

2. Ransomware remains on the rise

The report found that ransomware has increased substantially in breaches. There are a few likely reasons for this. A ransom request can be “tacked on” to almost any breach. Organizations continue to increase their attack surface and struggle to stop the lateral movement that ransomware relies on. And simply put, ransomware continues to work and remains an effective way to extort a victim organization. Fortify your defenses with our practical ransomware defense framework – download the e-book here.

3. There are four main vectors for a breach

Most successful attacks use four main attack methods to penetrate their victim’s network and begin their attack. They compromise credentials, send phishing messages, deploy botnets, or exploit known vulnerabilities in their victim’s IT infrastructure. None of these are new, but they continue to create significant breaches.

4. Humans are still usually the weak link

The “human element” is still a significant security issue beneath many breaches. Humans continue to click malicious links, they continue to give away or otherwise lose their credentials, and they continue to make poor security decisions in the moment otherwise that attackers exploit to gain access to their victim’s networks.

5. Very small businesses are now under attack

First, cyberattacks primarily targeted enterprises. In recent years, we saw attacks evolve and become scalable and efficient enough to target SMBs. Now, very small businesses with even ten employees or less are under attack. Every company of every size must now take security seriously, be on the lookout for indicators that they have suffered a breach, and report incidents that they have suffered.

6. It isn’t all bad news

Finally, there are some promising signs. Organizations take some security recommendations to heart, deploy them effectively, and make specific attack vectors less effective. For example, misconfiguration errors are decreasing, suggesting that fewer cloud resources are being exposed to the internet, and the threat of Cloud data breaches and loss is falling.

Learn (much) more in the 2022 DBIR Report today

The full report provides significantly more detail about the state of cybersecurity today and what you must do to defend yourself against today’s biggest threats. Specifically, the report details:

  • How attacks have evolved from 2008 to 2022 regarding the VERIS 4A’s (Actor, Action, Asset, and Attribute)
  • The most common attack timeline that modern cyber incidents follow and that you must prepare defenses against
  • The specific attack patterns that dominated 2021 analyzed in-depth

Atos CSIRT has been an active contributor to the Verizon DBIR over the last four years and helps clients worldwide manage security incidents. Talk to an Atos security expert for a one-on-one consultation on how to combat threats highlighted in DBIR.

By Dawood Haddadi Senior Manager – CSIRT

Posted on: May 24, 2022

Share this blog article


About Dawood Haddadi
Senior Manager – CSIRT
Dawood Haddadi leads a team of Data Forensics and Incident Responders at Atos. He is passionate about cybersecurity, and in his 15-year tenure at the center of security operation centers, he has helped clients of every size defend against persistent cyber-attacks, recover from incidents, and fortify their defenses. He follows cyber threats across the globe and on the deep, dark web to ensure his clients are protected from evolving threats.

Follow or contact Dawood