Verizon’s recently released security report, the 2014 Data Breach Investigations Report (DBIR), can help business executives and security professionals gain further insight into how attackers go about accessing your data, as well as which areas of your environment need more protection.
The first helpful takeaway is that 92% of the 100,000 incidents Verizon analyzed from the last 10 years can be described by nine basic patterns. This is good because businesses can focus their risk management efforts on these nine patterns, or at least keep them in the forefront of their approach. Here’s a look at the patterns and the most used methods of intrusion by those trying to get hold of your sensitive data.
- POS Intrusions 14%
- Web App Attacks 35%
- Insider Misuse 8%
- Physical Theft/Loss 1%
- Miscellaneous Errors 2%
- Crimeware 4%
- Card Skimmers 9%
- DoS Attacks 1%
- Cyber-Espionage 22%
- Everything Else 6%
Another point made in the Verizon security report was that although the year 2013 was dubbed “year of the retailer breach,” a more comprehensive assessment of the information security risk environment also showed that it was a year of transition from geopolitical attacks to large-scale attacks on payment card systems.
Furthermore, no matter what industry you are in, everyone is vulnerable to attack. If you think you are a low-risk business for external attacks, you are mistaken. Insider misuse and errors are always lurking, and they can harm your systems and expose your data to those who will use it inappropriately (to say the least).
Another great takeaway from this report for business executives and security pros is which environments continue to be a prime target for data thieves. Servers remain at the top of the list (because, after all, that is where all the data is stored) and user devices are on the rise (BYOD comes to mind, as does the fact that the number of mobile users keeps growing at a staggering rate). Media, on the other hand, is the one asset category that seems to be trending down as an appealing target for thieves.
Lastly, the Verizon security report also found that the bad guys seldom need days to get their job done, while the good guys rarely manage to get theirs done in a month. This is scary and needs to be addressed ASAP.
As stated in the DBIR: “The DBIR reflects the experience of many security practitioners and executives who know that an incident needn’t result in data exfiltration for it to have a significant impact on the targeted business.”
Taking the necessary measures to protect your data from breach is imperative as the business world just keeps getting more and more interconnected (BYOD, Cloud, IoT, etc.). Business executives and security professionals need to make it a priority to take a holistic approach to their information security efforts.
Remember, technology is not enough, nor is compliance. You need to assess your risks, apply continuous monitoring, have a team of security experts you can rely on if you’re short-staffed, and so much more.
What’s the biggest challenge you’re facing with taking on information security holistically?