It’s hard to talk about data breaches without mentioning Verizon’s popular Data Breach Investigations Report (DBIR). Now in its sixth year, the newest iteration of the DBIR, which was released this week, finds that the vast majority (75 percent) of breaches are driven by a hope for financial gain.
As the current headlines suggest, state-affiliated espionage campaigns took the second place spot, being the motivator in one out of five attacks. The report said:
Money-minded miscreants continued to cash in on low-hanging fruit from any tree within reach. Bolder bandits took aim at better-defended targets in hopes of bigger hauls. Activist groups DoS’d and hacked under the very different — and sometimes blurred — banners of personal ideology and just-for-the-fun-of-it lulz.
The DBIR report, which is freely available for download, includes data from 19 global security organizations with an analysis of more 47,000 security incidents and 621 confirmed breaches.
Some of the news was particularly bad for small and midsized organizations. SMBs accounted for most of the breaches, accounting for 62 percent of 2012 events. “Large organizations may do better because they have expertise on how to layer defenses properly,” said Roger Thompson, chief emerging threat officer at malware reseacher ICSA Labs told IFSEC Global. “I suspect that the smaller organizations are largely still trying to rely on antivirus alone.”
At least some of the findings of the DBIR were not surprising at all. For example, financial organizations were the favorite victims of breaches, accounting for more than one third of incidences. Retail environments and restaurants, meanwhile, accounted for another one quarter of data losses. Meanwhile, 20 percent of network intrusions involved manufacturing, transportation, and utility companies and another 20 percent are aimed at information and professional organizations.
“The bottom line is that unfortunately, no organization is immune to a data breach in this day and age,” said Wade Baker, principal author of the Data Breach Investigations Report series in a press release. “We have the tools today to combat cybercrime, but it’s really all about selecting the right ones and using them in the right way.
Intruders rely on a variety of activities to achieve their objectives. Although malware and hacking remain primary approaches, the survey indicated that the use of these tried-and-true techniques is actually down. The top five attack approaches included:
- Gaining access to the network through weak/stolen credentials (76 percent)
- Hacking (52 percent)
- Malware (40 percent)
- Physical attacks (35 percent)
- Social engineering (29 percent)
Some industry watchers say that perhaps due to the increasing sophistication of malware, organizations may be underestimating the role that it plays in data breaches. “If the attack is going to have a lasting imprint, there has to be malware involved,” said ICSA’s Thompson. “I believe the malware component must be higher than 40 percent.”
Verizon suggests a number of best-practices to minimize data breaches. Organizations should:
- Keep only necessary data and work to keep tabs on it.
- Implement data controls and regularly audit them.
- Collect, analyze, and share incident data and tactical threat intelligence to help drive security program effectiveness.
- Work to implement training, processes, and technology that allow early detection of breaches.
- Regularly measure network parameters (such as the number of compromised systems and mean time to detection) that can drive better security practices.
- Avoid a one-size-fits-all approach and evaluate the threat landscape based on your particularly business and industry.
Do you have a story about a data breach that occurred in your organization? Or something to say about the best ways to avoid a data disaster? Let us know in the comments.
Free Download: The Video Surveillance Report 2023
Discover the latest developments in the rapidly-evolving video surveillance sector by downloading the 2023 Video Surveillance Report. Over 500 responses to our survey, which come from integrators to consultants and heads of security, inform our analysis of the latest trends including AI, the state of the video surveillance market, uptake of the cloud, and the wider economic and geopolitical events impacting the sector!
Download for FREE to discover top industry insight around the latest innovations in video surveillance systems.
