Verizon has released the latest version of its Data Breach Investigations Report (DBIR). The new report is an update on previous versions: the number of contributors increased from 18 to 50, representing both the public and private sectors. Of note, the report found that geopolitical attacks, which were once the most common, have fallen behind consumer breaches like those of payment cards. In addition, Verizon security researchers, using advanced analytical techniques, have found that 92% of the 100,000 security incidents analyzed over the past ten years can be traced to nine basic attack patterns that vary from industry to industry.
Identifying these nine attack patterns can be an important tool for overwhelmed information security departments that are constantly under attack. Pattern identification can facilitate better big data and analytics processes. The image below highlights how these attacks break down.
The DBIR identifies the nine threat patterns as: miscellaneous errors such as sending an email to the wrong person; crimeware (various malware aimed at gaining control of systems); insider/privilege misuse; physical theft/loss; Web app attacks; denial of service attacks; cyberespionage; point-of-sale intrusions; and payment card skimmers. Just three of these patterns account for the bulk of the activity, with most of the malicious activity coming from credit card skimming, malware and theft.
“What we’re starting to see is that the time from knowing a breach exists to when the breach is shut down is staying the same, while the time from intrusion to theft is shrinking, which is a troubling trend,” Bryan Sartin, Director, RISK Team, Verizon, says in an interview with CivSource.
In addition to consumer-targeted threats like stealing credit card numbers or distributing malware, cyber-espionage is up again in the 2014 report: 511 incidents, a more than three-fold increase compared with the 2013 report, partially due to a bigger dataset.
“The real problem is that people are good at achieving compliance initially, but it is very difficult for them to stay compliant,” Sartin says. He notes that there is no “one size fits all approach” to security even though overarching themes exist in terms of the types of attack. For government agencies that means approaching security like triage – mission critical areas go first and require the most vigilance, working down the chain from there.
“I think we’re seeing best practices emerge, but the social engineering aspect to some of these attacks is also evolving and getting better. You can have any number of processes in place, with highly trained individuals and just a little customization in a spearphishing email can get people to open the attachment.”
He adds that generally weak credentials can make the attack or theft that much easier. “Strong passwords are a start, training is always important, but the big takeaway from the report is vigilance, the goal is kicking out intruders but in some cases that’s going to mean being reactive. Organizations are starting to understand that.”
The full report is available on Verizon’s website, with additional details on risk management practices. Images courtesy of Verizon.