Verizon 2022 Data Breach Investigations Report (DBIR): Growth in front-door data exfiltration attacks

Supreeth Rao
Nagraj Seshadri

Note: This blog reviews the Verizon 2022 Data Breach Investigations Report (DBIR) from a data protection perspective and suggests how we can use those findings to improve data security in an organization’s cloud environment. The figures in this blog are directly from the DBIR.

The starting point for over two-thirds of attacks is the use of stolen credentials (~49%) or phishing (~18%), that is, gaining initial access to the environment (figure below). Attacks are also getting faster, because exfiltration increasingly happens straight through the front door rather than after a long period of lateral movement.

It is no surprise that ransomware has increased significantly over the years, doubling from 2020 to 2021 (figure below).

Once attackers have compromised the environment, the next best thing a defender can do is to discover and remove the threat as soon as possible. The DBIR presents a counter-intuitive finding: although more breaches are now discovered within days rather than months, the unfortunate reason is that the criminals themselves disclose more than 50% of breaches, either to demand a ransom or to advertise the data for sale on dark-web marketplaces. Non-actor disclosures, that is, breaches discovered and disclosed by the enterprise itself, are trending downwards.

The fact that disclosures are made when data is put up for sale also underlines how easy it has become to trade breached data on the dark web. The growing number of front-door data exfiltration attacks is a wake-up call for security teams to build proactive, continuous defense techniques.

Every organization has hundreds of users, roles, and access policies, and thousands of configuration settings in the cloud. A few key questions to ask:

  • Are users and roles over-provisioned, thereby increasing breach risk?
  • With thousands of configurations, are they aligned to prevent data breaches?
  • Given finite time and resources, how do we prioritize the security policies that matter most for data security?
  • What data is most critical to the business, and what is at risk?
  • How can we identify a malicious user coming through the front door and stop the breach?

An easier way to answer these questions and improve data security is to start by understanding the data and who has access to it. Theom is a cloud data protection and governance platform that discovers your data stores and analyzes their content to identify access and infrastructure control risks. Theom quantifies the financial value of the data both to the organization and to criminals in underground marketplaces, and uses that quantification to provide prioritized, automated remediations. If your organization would like help answering the questions above, talk to us by scheduling a 10-minute call using Calendly.