DBIR 2022 Edgescan ObservationsMay 25, 2022 - 2 min read
The Verizon DBIR 2022 report is out and as always it looks and reads like a strong team of dedicated security experts developed the report; thank you to Gabriel Basset, Charles Hylender and Alex Pinto and the wider team for such a great analysis.
Edgescan was lucky to be chosen as a supplier of vulnerability analytics data to the report for our third year. We are very proud that our triaged, full stack, vulnerability intel based on thousands of PTaaS (Penetration Testing as a Service) assessments and continuous vulnerability scans, is of use to the development of this report.
The key items resonate with what we see at edgescan. The problems don’t change that much and possibly just get more commonplace and larger as the years go by.
Ransomware has increased substantially in breaches:
Ransomware is not going away. The misunderstanding of ransomware is that it’s a highly complicated attack using lots of hi-tech, AI and ML. The reality is that many ransomware attacks include the human element. Targeted attacks use intelligent criminals to enumerate and scope a firms attack surface. Attacks may be a result of a phishing attack and once executed a talented team take over, or the breach may be the result of exploitation of a CVE, unpatched, exposed or misconfigured endpoint or application.
A significant part of ransomware readiness is resilience. This includes frequent assessment of production assets, network, web applications, API and also ASM to help ensure continuous visibility and exposure. The fundamentals of a decent cyber posture are still the same, it’s the threat landscape that evolves.
Incidents are driven by four main types of access to the victim’s estate: Credentials, Phishing, Exploiting vulnerabilities and Botnets
Vulnerability exploitation is still an issue. It has been a core issue for years. Credential theft is also the result of vulnerability exploitation which feeds further account breach. Not much has changed in terms of types of attack. From an attackers standpoint, why change something that works?
The Human Element is still a pervasive issue across the breach landscape
I’m unsure if we can remove the “human element” from cyber security in terms of attackers or defenders. The human element is (still) the most advanced tool for depth of understanding, complex exploitation and intelligent defence. The bottom line here is we need humans to fight humans, fight fire with fire. Software alone fighting the “human element” Its destined for failure but software /automation combined with humans, works a treat and helps with scale, depth and accuracy.
Misconfiguration errors have continued to decrease, a potential sign of hope that internet-exposed cloud resources are diminishing. Making humans “bionic” in terms of cyber posture, reactiveness, scale vs depth and accuracy can bring a huge return on investment to any business.