The 11th edition of Verizon’s Data Breach Investigations Report (DBIR) has been released. As always, the use case examples are fascinating. However, the underlying message is that in today’s always-connected world, compromise is inevitable, but organizations can proactively protect their valuable information and systems.
In the report, Verizon looks at patterns evident in over 53,000 incidents (a security event that compromises the confidentiality, integrity, or availability of information) and in excess of 2,200 breaches (resulting in the confirmed exposure of information to an unauthorized party).
The report notes that in 2017, 73% of breaches originated with outsiders. Organized crime is the leading external perpetrator, followed by unaffiliated, state affiliated, nation state, and former employee. Furthermore, 28% of breaches involved insiders, indicating that outsiders are using tactics such as social engineering to take advantage of insiders, resulting in breaches.
Financial gain is the main motivator for security incidents, followed by cyber-espionage. A fantastically James Bond-esque term, cyber-espionage covers a range of incidents, from stealing state secrets through to gaining advanced knowledge (intellectual property) of a competitor’s new product blueprints prior to a patent being applied for. These two categories account for about 90% of all breaches. “Fun” is the next-highest motivator (an attacker intent on gaining kudos), with “grudge” in next place, which could be a disgruntled former employee, contractor, or customer determined to cause problems.
By far the greatest volume of actions resulting in incidents and breaches is distributed denial of service (DDoS), followed by loss (in error), phishing, misdelivery (in error), and ransomware. The list goes on.
When breaches are successful, the time to compromise is quick, a matter of hours or less. Think of it in terms of the cyberattack chain: once a threat is inside the network or system, it rapidly reaches the target to compromise the desired information, process, or system. However, 68% of breaches took months or longer to discover, which is of great concern today, let alone when the General Data Protection Regulation (GDPR) comes into effect on May 25, 2018.
The potential for reputational damage is a leading concern among all organizations at board level. Enterprises know that their customers need to trust them, and an incident or breach could erode that trust, with the consequential reputational damage and/or loss of business advantage. The vast majority of organizations are aware that a security incident is unavoidable and could happen at any point. The Verizon report points out that accepting this inevitability is essential. Using risk assessments, organizations should focus on understanding their potential targets, applying controls to protect the targets, and having a plan in place (with appropriate funding) to deal with any attack and its consequences.
Business-Driven Security for Enterprise Protection and Compliance, INT003-000115 (April 2018)
"Digital transformation must address security", INT003-000088 (March 2018)
"Questions that matter to enterprises: Developing a security strategy", INT003-000099 (March 2018)
Maxine Holt, Research Director, Infrastructure Solutions