Showing posts with label verizon. Show all posts
Showing posts with label verizon. Show all posts

Thursday, April 24, 2014

A Decade of Breaches

Whales Not Included

Being from the Hawaiian Islands, the annual gathering of the Kohola (humpback whales) is always a spectacular view. They can get over half their body out of the water and administer a cannonball body slam splash like you've never seen before. Most of the internet thinks they breach to either see what's up (so to speak), let other whales know they are around (if the haunting squeal isn't doing it) and most common, to relieve the body of lice, parasites and barnacles.

While nature's breaches are unmatched, many internet security breaches are run of the mill leakages.

The Verizon 2014 Data Breach Investigation Report (DBIR) found that over the last 10 years, 92% of the 100,000 security incidents analyzed can be traced to nine basic attack patterns. The patterns identified are:

  • Miscellaneous errors like sending an email to the wrong person
  • Crimeware (malware aimed at gaining control of systems)
  • Insider/privilege misuse
  • Physical theft or loss
  • Web app attacks
  • Denial of service attacks
  • Cyberespionage
  • Point-of-sale intrusions
  • Payment card skimmers

The really cool thing about the 9 attack patterns is that Verizon has also charted the frequency of incident classification patterns per industry vertical. For instance, in financial services 75% of the incidents come from web application attacks, DDoS and card skimming while retail, restaurants and hotels need to worry about point-of-sale intrusions. Utilities and manufacturing on the other hand get hit with cyber-espionage. Overall across all industries, only three threat patterns cover 72 percent of the security incidents in any industry.

Once again, no one is immune from a breach and while media coverage often focuses on the big whales, the bad guys are not targeting organizations because of who they are but because a vulnerability was found and the crooks decided to see if they could get more. This means that companies are not doing some of the basics to stay protected. For the 2014 analysis, there were 1,367 confirmed data breaches and 63,437 security incidents from 50 global companies.

For the most part, the fixes are fairly basic: Use strong authentication, patch vulnerabilities quickly and encrypt devices that contain sensitive information. I've barely scratched the surface of the report and highly suggest a through reading.

ps

Related

Photo: Protected Resources Division, Southwest Fisheries Science Center, La Jolla, California.

 

Connect with Peter: Connect with F5:
o_linkedin[1] o_rss[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]
Posted by at No comments:
Labels: , , , , , , , ,

Wednesday, April 24, 2013

Targets of Opportunity

#dbir

...Is one of the findings in #Verizon's 2013 Data Breach Investigations Report, which is chuck full of interesting data.  75% of the attack victims were selected because they had a weakness that an attacker knew how to exploit rather than being specifically chosen.  The difficulty of the initial compromise was low for 68% of the breaches meaning the attackers used basic methods or automated tools and scripts.  It also means that there are sloppy configurations, needless services and exposed vulnerabilities that are bringing this attention.

Overall, the report covers 47,000 reported security incidents, of which, there were 621 confirmed data breaches.  This is important since they focus on the 621 confirmed data loss incidents rather than the 47,000 reports.  There will probably be a ton of articles reporting the results but a good place to start is securosis.com with their How to Use the 2013 Verizon Data Breach Investigations Report.  This is a great primer for the document.

There is a pretty even distribution of industries hit from financial to retail and restaurants to manufacturing, transportation and utilities to government and defense contractors.  The overwhelming majority of attacks are perpetrated by outsiders at 92% of the confirmed data breaches with insiders at 14%.  Interestingly, for all reports (the 47,000 not just the 621 confirmed) insiders accounted for 69% of the incidents.  Typically this was due to carelessness rather than criminal misuse.  76% of the network intrusions exploited weak or stolen credentials and most often, the attack was driven by financial motives at 75%.

Some other interesting data for me was that 66% of the breaches remained undiscovered for months or more and 69% of those were discovered by outside entities.  So organizations are in the dark about their intrusions, and it takes an outsider to point it out.  It's like those people who drive away with the gas hose still hooked to their tank. 

I was also curious about breaches as a result of BYOD.  Not many.  In 2011 they only saw 1 breach that involved personally owned devices and only a couple more in 2012.  They will keep watching and do expect that it may increase but for now, so far so good.  Could be because while BYOD is a hot topic, most surveys indicate that only around half the organizations are digging in.

There is a ton more valuable data in the report and it is an easy, fun read for 63 pages of stats.  Right on page 2 they say, 'Some organizations will be a target regardless of what they do, but most become a target because of what they do.  If your organization is indeed a target of choice, understand as much as you can about what your opponent is likely to do and how far they are willing to go.'  Put it on your list.

ps

Related:

Connect with Peter: Connect with F5:
o_linkedin[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]
Posted by at No comments:
Labels: , , , , , , , , , ,
Subscribe to: Comments (Atom)