Watch: What the 2022 Verizon Data Breach Investigations Report Means for Your Business

Date May 25, 2022

Highlights from the May 25 HBK Risk Advisory Services webinar featuring William J. Heaven, CPA/CITP, CISA, CSCP; Senior Director, IT.

This is the 15th consecutive year Verizon has released the DBIR. The 2022 report was released May 24, 2022.

  • Expanded in 2021 to cover 20 industries.
  • Includes 87 contributing organizations that were either impacted by a breach or had clients impacted by a breach.
  • 2022 report examines 23,896 incidents and 5,212 confirmed data breaches.
  • Types of breaches include:

  • Denial of service: hackers sending large amounts of data to compromise the availability of your networks and systems
  • Lost and stolen assets: information missing through misplacement or malice
  • Miscellaneous events: unintentional actions that compromise a security attribute of an information asset
  • Privilege misuse: unapproved or malicious use of legitimate privileges
  • Social engineering: altering a person’s behavior so that they take an action that breaches confidentiality; a major issue
  • System intrusion: complex attacks that leverage malware or hacking to achieve objectives including deploying ransomware
  • Web applications: gaining access, stealing data, and moving on
  • Everything else: a catch-all category for incidents that don’t fit in the other categories
  • Terminology:

  • Incident: a security event that compromises the integrity, confidentiality, or availability of an information asset; not a breach until an unauthorized party takes possession of the data
  • Breach: confirmed disclosure of data by an unauthorized party
  • Most common types of breaches by industry sector

  • Financial and insurance: miscellaneous errors, system intrusion and web applications
  • Healthcare: miscellaneous errors, system intrusion and web applications
  • Manufacturing: social engineering, system intrusion and web applications
  • Retail: social engineering, system intrusion and web applications
  • Most common incidents by industry sector:

  • Financial and insurance: miscellaneous errors, system intrusion and web applications
  • Healthcare: miscellaneous errors, social engineering, system intrusion and web applications
  • Manufacturing: social engineering, system intrusion and web applications
  • Retail: social engineering, system intrusion and web applications
  • The DBIR is important because the more you know about the cyber threats you face, the better your chances of keeping your data secure. Whether an organization will be attacked is unpredictable. The report also gives you a common language, which helps you report consistently, and it provides links to other useful databases.

    You can get the Verizon DBIR through Verizon.com/dbir: the full report, which is 108 pages, or an executive summary, which is 20 pages. You can view the report online or download it. The executive summary provides a great deal of information, and you can go to the full report to look deeper into something specific.

    Key paths to your data; you need to address all of these:

  • Credential theft: about 50 percent of total attacks
  • Phishing: 18 percent, though credentials are often stolen by phishing
  • Exploiting vulnerability: 10 percent
  • Botnets: small portion of hacks
  • Major takeaway from DBIR: ransomware continued its upward trend, currently 25 percent of all breaches, a 13 percent increase over 2021, and as many as the previous five years combined.

    Supply chain breaches can be a force multiplier, and accounted for 61 percent of the incidents in this year’s report. Try to vet third-party vendors to ensure they are as secure as possible.

    Errors accounted for 14 percent of all breaches. They are starting to level out, but humans remain the weakest link in the protection chain. The human element is responsible for 82 percent of breaches.

    The gap between large and small companies is closing. Payoffs from small companies are not as great, but small companies are easier targets for hackers. Ransomware and phishing are having the biggest impact on small businesses.

    Attack pattern summary for selected industries:

  • Financial and insurance: miscellaneous errors, social engineering, and web applications
  • Healthcare: miscellaneous errors, system intrusion, and web applications
  • Retail: social engineering, system intrusion, and web applications
  • Financial gain is the main actor motivation. Threats are coming more from external actors than internal, though internal threats are more prominent in healthcare and financial services than other industries due to curiosity about certain individuals who are patients or clients.

    Every business should do a risk assessment at least annually. The DBIR will help you identify and analyze your risks.

    The top 18 CIS controls are available free for risk mitigation. The DBIR provides a priority list of controls by industry. Security awareness training is one of the easiest ways to prevent system breaches because it helps create an environment of skepticism. Make sure you create user awareness, have data backed up, and patch your vulnerabilities.

    The most interesting aspects of the 2022 DBIR are the details on ransomware and the fact that with migration to the cloud you have to keep an eye on what’s going on there.




    Watch: Building Agile Business Processes with Microsoft Power Platform

    Date April 26, 2022

    Helping you analyze, act, and automate your data

    Highlights of the April 26, 2002, HBK Risk Advisory Services webinar featuring Justin Krentz, Senior Manager, Vertilocity; and Tyler Mains, Consultant, Vertilocity

    What is digital transformation?

    Digital transformation is the adoption of technology with the goal of improving efficiency, value, and innovation.

    • Why digital transformation? We need to go faster, to expedite processes, or innovate at a faster pace. And we already have the data, the information we need to integrate this wealth of knowledge.

    – to optimize IT performance and reduce backlogs

    – to replace or update legacy apps and platforms

    – to unify data across a single platform

    – to reduce time and costs by optimizing everyday tasks

    • Challenges:

    – budget constraints

    – time and resource constraints

    – business expectations

    – paper processes

    – complex process: not easy to change how things are being done

    • More than half the companies in the Fortune 500 in 2000 are no longer in business. You have to find ways to be disruptive in your industry. At some point, staying the course and not finding ways to innovate will be a business’s downfall.

    • Expected gains through modernizing processes with the Power Platform:

    The Power Platform helps you update or replace legacy apps to optimize IT performance, reducing both time and cost; power your team for secure remote collaboration by integrating apps and automating workflows; and build a resilient supply chain with intelligent tools and end-to-end visibility.

    – 73 percent of organizations feel they are not able to accurately plan because of siloed teams

    – 37 percent still use paper to manage critical business processes

    – 67 percent of CIOs and technology leaders say IT skills shortages are preventing them from keeping up with the pace of change

    The technical side of Microsoft Power Platform

    Three main standalone components or solutions:

    • Power BI – visualizing your data: cloud-based business analytics that enables anyone to visualize and analyze any of your data with greater speed and understanding. Monitor your data in real-time from nearly any device across all major operating systems; set up mobile alerts to your phone when your data changes; share reports and dashboards with ease.

    – quick and confident decisions because of real-time visualizations

    – spend less time wrangling with data

    – use a single, unified platform to give every employee access to insights

    – seamless integration of apps and dashboards

    – drag and drop design

    – artificial intelligence to reveal trends and recommend visualizations

    – accommodates an unlimited amount of data

    • Power Apps – application development

    Low-code technology reduces barriers to low-cost development and empowers employers to turn bright ideas into applications.

    – low-code: from web to tablet to mobile to read and write data

    – collaboration: apps can be published by anyone in the organization, who can work together with others in the organization

    – support any platform

    – share apps like documents

    – seamless integration with other apps

    – drag and drop design

    – data connectivity: connect with hundreds of other services

    – built-in data platform: consolidate and standardize the data

    • Power Automate – process automation

    – automate and model business processes across your apps and services

    – from simple automation to advanced scenarios with branches, loops, and more

    – trigger actions, grant approvals and get notifications where you work

    – a workflow process for each flow allowing services to communicate with each other and take action based on the data in separate services

    – start with a template and build more complex processes from there

    – hundreds of triggers: manual buttons, scheduled triggers

    – share flows like documents

    – intelligent automation – additional actions recommended based on your actions

    – thousands of actions based on each of the hundreds of triggers

    – data connectivity with hundreds of services

    – built-in data platform: consolidate and standardize the data

    Vertilocity success stories:

    • Ice cream retailer uses Power BI dashboard to address the challenge of forecasting demand, which is driven by weather. Store managers have real-time access to make informed decisions quickly when forecasting sales and staffing.

    • Employee benefits program provider uses MS Office 365 Forms, Power Automate, and SharePoint online to automate and track incidents. Tracks miscellaneous end-user requests, the onboarding and termination of users, and privacy incidents and breaches.

    • Made-to-order equipment manufacturers for various industries used SharePoint, Power Automate, and Power BI Pro to track orders from order to ship. They created workflows of required input, data, and triggers, and used BI dashboards to present information on the entire process.




    Using the Microsoft Power Platform to Build Agile Business Processes: An HBK Risk Advisory Services Webinar

    Date April 25, 2022

    Date: April 27, 2022

    Time: 10:00 – 11:00 am ET

    Host: William J. Heaven, CPA/CITP, CISA, CSCP, Senior Director

    Was it Covid, or simply technological evolution? Regardless of how it happened, the way we do business has changed fundamentally, the new business model a far cry from how companies used to get their products and services to market. Business leaders who want to be more responsive to their customers’ demands must find ways to connect remote, siloed teams, as well as improve forecasting and other mission-critical processes.

    In our April 27 Risk Advisory Services webinar, “Using the Microsoft Power Platform to Build Agile Business Processes,” we will explain how to add value to your business through analysis, action, and data automation.

    We will cover:

    • Challenges preventing businesses from keeping up with the pace of change
    • Recognizing the need for digital transformation
    • The components and features of the Power Platform for Office 365
    • What the Microsoft Power Platform can help you learn from your data
    • Examples of organizations that benefit from using the Microsoft Power Platform

    Join me for insights on how the Microsoft Power Platform can add value to your business.

    Register today!
