I love Verizon’s annual Data Breach Investigations Report (DBIR). I have pored over its content every year since its inception in 2008. (Just goes to show how long I have been working on data breaches.) It is always written in language that is easy to understand, not super techy, and provides a great summary of the current risks to businesses.

The 2022 DBIR is no different. Take your time digging into its 108 pages—none should be missed. Issued on May 25, 2022, it is comprehensive, extremely useful, and top notch—as always.

The preamble is so true—that nothing is certain. The report speaks of credible analysis of data, including slanted bar charts, spaghetti charts, dot plots or pictograms, even though “all convey the uncertainty of our industry in their own way.”

Analyzing incidents from November 1, 2020 to October 31, 2021, the DBIR team acknowledges that we all continue to be surprised at the sheer creativeness of cybercrime, the constantly changing landscape of sophistication, and “if Sasquatch were elected Governor.” One of the things I love about the DBIR is the humor of the team.

According to the report:

“The past year has been extraordinary in a number of ways, but it was certainly memorable with regard to the murky world of cybercrime. From very well publicized critical infrastructure attacks to massive supply chain breaches, the financially motivated criminals and nefarious nation-state actors have rarely, if ever, come out swinging the way they did over the last 12 months.”

True enough. The DBIR team reports that there were four threats that led the threat actors to company systems: credentials, phishing, exploiting vulnerabilities, and botnets. Ransomware continued its upward trend, and supply chain security-related incidents caused widespread consequences and concern about nation states’ access to data.

I urge you to read the report and then re-read it. It is one of the best indicators of the current state of cyber threats to organizations and can be very helpful in your preparedness efforts.