Things most cyber-security professionals are not aware of

Real-world data on security incidents and data breaches from Verizon Data Breach Investigations Report

Fiddly Cookie
5 min read · Oct 29, 2019

Having worked in the field of cyber-security for four years, I had never gone through Verizon’s Data Breach Investigations Report (DBIR). While most cyber-security professionals know about the breaches, few are aware of the underlying reasons behind them as covered in the DBIR, which presents the tangible consequences of organizations’ security practices.

The report was built using data from 41,686 incidents and 2,013 data breaches collected from 73 sources (public and private entities), normalized using Verizon’s VERIS framework. VERIS stands for Vocabulary for Event Recording and Incident Sharing, a framework designed to normalize inconsistent or ambiguous incident records so that data from different sources can be compared. Publicly disclosed breaches can be read about in the VERIS community database.

Judging by the number of incidents and breaches, the range of threats may appear limitless, each one seemingly different from the next. However, the majority of the incidents analyzed are described by just 9 patterns, as shown in the figure.

Credit: 2019 Data Breach Investigations Report

Data breaches still make the headlines even after organizations put extensive security measures in place. Irrespective of the kind and amount of data an organization possesses, someone is after it. Many organizations poorly understand the threats they face and how their defensive strategies could be circumvented in the future.

Credit: Dilbert Comic

Keeping pace with the tactics adopted by your peer organizations is both effective and necessary. Poor implementation of the defenses meant to mitigate and prevent threats is what lands organizations in the DBIR. So it becomes crucial to look at the DBIR’s perspective on the threats an organization is likely to face.

The report has a few thought-provoking results. Did you know that ransomware attacks are still quite prevalent and account for approximately 24 percent of incidents? As a matter of fact, ransomware does not interest the specialized media much unless it involves a high-profile target. Undeniably, it is still a serious threat to industry. A lot of companies are transitioning to cost-effective cloud-based solutions, and email and other critical data migrate along with them.

Credit: Google

This migration has drawn the attention of attackers lately, and there has been an increase in attacks on cloud-based email servers. Does this imply that cloud-based services are less secure? No. These attacks mostly involve phishing, credential theft, and insecure configuration, which are a natural by-product of the migration process rather than a weakness of the cloud itself.

Credit: www.theglobeandmail.com

Surprisingly, the phishing click-through rate has dropped sharply, and the majority of the remaining clicks occurred on mobile devices. Mobiles are more susceptible to phishing because of the limited user interface they offer. Payment card-related breaches dipped more than web-based breaches thanks to the implementation of PIN technology. There was a spike in the number of breaches that compromised executives, from single digits last year to dozens this year.

Credit: www.theregister.co.uk

98% of security incidents and 88% of data breaches continue to occur within one of nine patterns¹.

Financial gain is still the most common motive behind these attacks. Most financial and insurance breaches are due to web application attacks and privilege misuse. However, crooks aren’t just after money. State-affiliated actors are responsible for approximately 79 percent of the breaches in the public sector. The motive of this form of cyber attack is to steal classified or sensitive data or intellectual property to gain an advantage over a competing company or government entity. This is called cyber-espionage.

While the Cyber-Espionage pattern was also the most prominent in this industry in last year’s report, the number of breaches in the Cyber-Espionage pattern is 168% of last year’s amount¹.

Most breaches in the accommodation and food services industry fall into the Point of Sale intrusion, web application, and crimeware patterns, and 95 percent of the threat actors in that industry are external. In contrast, the majority of the threat actors involved in healthcare breaches are internal, at just shy of 60 percent.

The most important defense is knowledge. By gaining perspective, insight, and understanding of the threats they face, organizations can take crucial steps to mitigate them¹.

Here are some of the best practices that industries can adopt to avoid becoming the victim of another breach. Human errors must be fixed where possible, with attention to detail. To stop malformed data being injected into payment websites, the data passed must be integrity-monitored, in addition to patching the OS and payment applications.

Implement 2FA everywhere: on customer-facing applications, remote access, and cloud-based services. 2FA can also be vulnerable, but that is no excuse for not having it in place.

Insider behavior should be tracked using logging and monitoring processes; access to sensitive data by an insider has to be recognized, since it could be the start of fraudulent activity. Continuously monitor for traffic spikes or interruptions of any sort, and put capacity planning in place to withstand DDoS attacks.

Being socially aware could save an organization from a data breach. Social attacks result in credential compromise. Monitor emails for malicious links and attachments. Educate employees so they do not fall victim to pretexting, and give them ways to report any pretexting or phishing attempt made on them.
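Two of the practices above, recognizing insider access to sensitive data and watching for traffic spikes, come down to running simple checks over access logs. The following is an added example written for this post, not code from the DBIR or from Verizon; the log format, the role entitlements, the business-hours window and the spike threshold are all assumptions, and the log lines are constructed.

```python
"""Two log checks from the hardening list above (added example, not from the
DBIR): flag insider access to sensitive data that falls outside the expected
pattern, and flag per-minute request spikes that warrant a capacity or DDoS
review. Log format, entitlements and thresholds are assumptions."""
from collections import Counter
from datetime import datetime
from statistics import median

# Constructed sample log. Assumed format per line:
#   <ISO timestamp> <user> <role> <resource> <bytes>
SAMPLE_LOG = """\
2019-10-28T09:12:01 alice finance /records/payroll.csv 2048
2019-10-28T09:13:45 bob support /kb/reset-password 512
2019-10-28T09:14:02 carol hr /records/payroll.csv 4096
2019-10-28T09:30:10 dave sales /kb/pricing 1024
2019-10-28T10:00:01 guest anon /login 128
2019-10-28T10:00:02 guest anon /login 128
2019-10-28T10:00:02 guest anon /login 128
2019-10-28T10:00:03 guest anon /login 128
2019-10-28T10:00:04 guest anon /login 128
2019-10-28T10:00:05 guest anon /login 128
2019-10-28T11:05:00 erin finance /records/ledger.csv 8192
2019-10-28T23:41:10 bob support /records/payroll.csv 1048576
2019-10-29T02:10:00 alice finance /records/payroll.csv 2048
"""

# Assumed entitlement table: which roles may touch which sensitive path prefix.
ALLOWED_ROLES = {"/records/": {"finance", "hr"}}
# Assumed business-hours window (hours 08:00 through 18:59).
BUSINESS_HOURS = range(8, 19)


def parse_line(line):
    """Split one log line into a dict; raises ValueError on a malformed line."""
    ts, user, role, resource, nbytes = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "user": user,
        "role": role,
        "resource": resource,
        "bytes": int(nbytes),
    }


def parse_log(text):
    """Parse every non-empty line of a log blob."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def insider_findings(events):
    """Return (user, reason, resource) for each access to a sensitive path that
    is either by a non-entitled role or by an entitled role outside business
    hours. Each event yields at most one finding, entitlement first."""
    findings = []
    for e in events:
        for prefix, roles in ALLOWED_ROLES.items():
            if not e["resource"].startswith(prefix):
                continue
            if e["role"] not in roles:
                findings.append((e["user"], "role-not-entitled", e["resource"]))
            elif e["ts"].hour not in BUSINESS_HOURS:
                findings.append((e["user"], "off-hours-access", e["resource"]))
    return findings


def traffic_spikes(events, factor=3, min_count=5):
    """Bucket requests per minute and return (minute, count) for minutes whose
    count exceeds `factor` times the median minute AND at least `min_count`.
    The absolute floor keeps a quiet log from flagging two requests as a spike."""
    per_minute = Counter(e["ts"].strftime("%Y-%m-%dT%H:%M") for e in events)
    if not per_minute:
        return []
    baseline = median(per_minute.values())
    return sorted(
        (minute, count)
        for minute, count in per_minute.items()
        if count > factor * baseline and count >= min_count
    )


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for finding in insider_findings(evts):
        print("insider:", *finding)
    for minute, count in traffic_spikes(evts):
        print("spike:", minute, count, "requests")
```

On the constructed log this reports bob (a support user) reading the payroll file and alice reading it at 02:10, and flags the 10:00 minute with six login requests against a one-request-per-minute baseline. In practice the entitlement table would come from the access-control system rather than a hard-coded dict, and the spike baseline from a longer window than a single day, but the shape of the check is the same.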

P.S. If you are reading the DBIR report for the first time, do expect Stan Lee references here and there.

[1]: 2019 Data Breach Investigations Report
