As of June 1, 2024, Vestige Digital Investigations is part of ArcherHall, a leading digital forensics, 
e-discovery, and cybersecurity service provider. The Vestige team that you know and trust will
continue to serve you at ArcherHall. Our expanded team, capabilities, and infrastructure will allow
us to serve you and your clients even better.

Vestige is a Contributor to the 2022 Verizon DBIR


Vestige is a Contributor to the 2022 Verizon DBIR

Author photo
Marketing Manager

CLEVELAND, OH (May 25, 2022) – Vestige Digital Investigations is named an official Contributor to the Verizon 2022 Data Breach Investigations Report (DBIR). This marks the seventh year that Vestige has participated in this report.

“As cybersecurity experts, Vestige Digital Investigations is pleased once again to be an official CONTRIBUTOR to the Verizon DBIR which is now in its 15th year.  We provided data on the matters we encountered in 2021 to continue to arm Verizon and cyber professionals around the globe with this informative, data-driven report. The DBIR is designed to help cyber professionals use the information to take actionable real-world preventive steps to protect themselves and their organization from cyber incidents and data breach,” said Greg Kelley, BS, EnCE, DFCP, and Chief Technology Officer at Vestige Digital Investigations.

Significant Increase in Ransomware Attacks

Ransomware attacks increased by almost 13%, an incredible rise — as big as the last five years combined (for a total of 25% for this year). The report underlines that 70% of software-based data breach cases involve ransomware attacks. Frequently preferred by hacker groups for getting unauthorized access to company networks and cyber infrastructure, this attack method stands out as one of the ways favored by cyber attackers in supply chain attack cases. Indeed, Verizon’s DBIR 2022 points out that supply chain attacks account for 62% of system intrusion incidents.

With respect to ransomware attacks, it should also be noted that 40% of all data breach cases caused by this type of attack involve the use of desktop sharing software. Driven by the transformation of the business world with the adoption of remote work model due to COVID-19, this situation leads us to some other interesting data. According to the report, 14% of unauthorized access incidents involve the usage of desktop sharing applications.

Internal Threats and Their Role in Identity Theft Cases

To build an advanced cybersecurity infrastructure, you should grant only as much privilege and access as necessary to privileged accounts, which may later become internal threats, and you should control the access permissions you grant and the movements in the system on a 24/7 basis. The report states that privilege misuse, which is defined as employees’ misuse of legitimate access granted to them, is 2.5 times more likely to occur as a result of an error than as a result of misuse.

In the case of a data breach caused by internal threats with improper intentions, however, the personal data of employees, customers, and stakeholders is likely to be leaked. According to the report, malicious internal threats appeared mostly in the healthcare industry with the cases of data breaches in 2022, just like in previous years. Medical data is targeted in 22% of data breaches caused by health sector employees’ misuse of their privileges.

Human Error Continues to be a Cause

Human error is responsible for 13% of data breaches. Still a dominant trend, human errors are largely due to misconfigured cloud storage systems. It is extremely important to get support from artificial intelligence and automation to prevent human errors. However, it is equally important to provide employees with the right training on the use of cybersecurity and information technologies. It is predicted that human errors may be decreased if the awareness of employees is raised and the access to cloud systems is controlled by the cooperation of artificial intelligence and automation.

Another remarkable topic in the report is the human element. According to Verizon’s DBIR 2022, 82% of the data security breach cases of this year involved the human element. Unfortunately, the negative contribution of the human element continues to significantly stand out in incidents such as phishing and misuse of stolen credentials.

Mobile Devices & Phishing Attacks

According to the Verizon DBIR 2022, the usage of mobile devices is the main factor behind the emergence of phishing attacks. The report states that at least 58% of mobile devices had at least one malicious URL clicked. Defined as a phishing attack, this method has become more popular among cyber attackers in the last few years, during which people have become accustomed more and more to paying without a card or contactless by card. It should also be noted that at least one malicious or risky application is installed in 16% of phishing attempts, mostly by e-mailing links or via QR code. Besides, considering that one-fifth of phishing attacks are carried out through mobile devices, you should definitely pay serious attention to this topic when building or improving your cybersecurity infrastructure.

Web Applications are High Risk for Attacks, including Identity Theft

Web applications are among the major attack surfaces. Frequently used by external threats to organize cyber attacks, web applications are defined as the number one attack vector in the report. In addition, the same report suggests that 80% of cyber attacks carried out through web applications result in identity theft.

Misuse of Stolen Credentials in Supply Chain Attacks

As mentioned above — cyber attacks targeting the supply chain account for 62% of system intrusion incidents. The 2022 report identifies the misuse of stolen credentials in supply chain breaches, expressed as a sequence of one or more breaches chained together, as the most significant type of cyber activity.

Moreover, according to Verizon’s DBIR 2022, more than 75% of supply chain attacks involve only three steps. Defined as phishing, ransomware, and downloader, these three steps are the most common attacks on the supply chain. In the report, experts suggest that it is important for defense mechanisms to lengthen the attack path favored by the cyber-attackers and increase the number of steps. Cybersecurity experts state that lengthening the attack path will make it easier to take measures, and point out that IT infrastructures should be structured accordingly.


Vestige offers proactive services including: BreachReady™ and Hunt Team that are designed to stop incidents and data breaches before they occur and alerts your team about suspicious behavior that leads to security incidents, like malware and ransomware — and provides recommendations for next steps.  CONTACT VESTIGE TODAY for a FREE consultation.

Link to Full Report

Verizon 2022  Data Breach Investigations Report: