Security Experts: Verizon DBIR Should Be a Critical Wake-up Call to Enterprises

24 April 2014

Verizon released its Verizon Data Breach Investigations report (DBIR) this week, showing both an uptick in security incidents and a rising inability of enterprises to keep up with the rapidly evolving innovation on the part of cyber-attackers. Security firms were quick to weigh in with a slew of comments to Infosecurity about the report findings.

Joe Schumacher, security consultant at Neohapsis, noted that enterprises should be concerned that the internal discovery of breaches has been on a slow and steady decline. At the same time, there’s a widening gap between the time to compromise and time to discover breaches. About 75% of attacks took the hackers just days or less (hours and minutes, even) to accomplish. Yet only 25% of compromises were discovered within days or less. Most often, it takes weeks or even months until a security event is uncovered.

Schumacher noted that this underscores that breaches are happening more and more from the inside where attackers are using stolen credentials, and once on the network, are almost impossible to detect. In addition, the report shows an increase in insider espionage targeting internal data and trade secrets, with the most common threat being privilege misuse and the most common attack vector being corporate LAN.

“This is quite troublesome as technologies exist to help an organization with such identifications and leads me to believe that a failed human component could be at fault,” he said. “Organizations should have resources as well as procedures defined for monitoring, logging and following up on triggered alerts. In addition, depending on size and/or industry, a company should consider proactively monitoring different communication feeds, public repositories and/or forums for threats and/or data dumps.”

The report also focuses on specific vertical characteristics. For one, it shows that data theft and loss account for 46% of all security incidents in the healthcare sector—pointing to a critical risk. “This stat is very worrisome as healthcare has a lot of regulated and/or sensitive data,” Schumacher said. “While this particular chart provides a lot of informative data per industry, I would stress that an organization should not look strictly at their industry. An organization’s security personnel should assess their environment(s) against applicable top patterns being exploited across all industries.”

Overall, across all verticals, the DBIR underscores that enterprises should be considering what to do when, not if, a security incident occurs.

“As we see in the report, everyone is vulnerable to some type of security incident, whether external attacks or insider misuse and errors that harm systems and expose data,” said Eric Chiu, president and co-founder at HyTrust. “The No. 1 threat method was stolen user credentials.”

“This report, combined with major breaches such as Target, Michaels, Adobe and Edward Snowden, should be a wakeup call to every organization to re-think security from an 'inside-out' model and assume the bad guy is already on the network,” Chiu added. “Companies need to implement access controls, role-based monitoring and data encryption to ensure that critical systems and sensitive data are protected.”

As all information security professionals know, that’s easier said than done. “We know what to do in order to defend against attacks, but doing it and maintaining control in the face of complexity and business requirements is still a challenge,” said Steve Hultquist, CIO and vice president of customer success at RedSeal Networks. “The increasing capabilities of network infrastructure and systems mean businesses likewise need to continue to increase the capabilities (and thus complexity) of their information security technologies. As a result, automation is key and will continue to be more so in the future—especially in areas such as audit, analytics and reporting. This is critical in eliminating or mitigating security breaches.”

Overall, the consensus is that the report should act as a wake-up call that existing security approaches must evolve—and quickly—in order to keep up with the escalating scale and complexity of the attack landscape.

“Another year, another increase in hacks,” said Scott Goldman, CEO of TextPower. “Verizon's 2014 annual data breach report shows us that current security measures are either not sufficiently widespread or are too complicated, expensive or user-unfriendly for websites to implement. And, as they correctly point out, using just passwords for protection is useless. In fact, it's like closing your front door but leaving it unlocked. It's bad enough that hackers get in through back doors and poor security - using a single-factor authentication process is like laying out a red carpet for them. Any website that doesn't use some form of ‘out-of-band’ authentication - meaning outside of the web browser - is adding an engraved invitation to go along with the red carpet. Websites will either get smart, get secure or get hacked.”
