Investigating Cyber and Data Security Breaches in Detail: Report Findings

May 4, 20168:20 am
Generic placeholder image

Cybercriminals are continuing to exploit human nature as they rely on familiar attack patterns such as phishing, and increase their reliance on ransomware, finds the Verizon 2016 Data Breach Investigations Report.

Some of the key findings that continue to play off for human frailty are:

  • Eighty-nine (89) percent of all cyber attacks involve financial or espionage motivations.
  • Most attacks exploit known vulnerabilities that have never been patched despite patches being available for months, or even years. In fact, the top 10 known vulnerabilities accounted for 85 percent of successful exploits.
  • Sixty-three (63) percent of confirmed data breaches involve using weak, default or stolen passwords.
  • 95 percent of breaches and 86 percent of security incidents fall into nine patterns
  • Ransomware attacks increased by 16 percent over 2015.
  • Basic defenses continue to be sorely lacking in many organizations.

Chris Formant, president of Verizon Enterprise Solutions says, “Now more than ever, the collaboration and contributions evidenced in the DBIR from organizations across the globe are required to fully understand the threat landscape. And understanding is the first step towards addressing that threat.”Phishing Tops the List of Increasing Concerns

One area that has picked up dramatically over the prior year is phishing where end users receive an email from a fraudulent source.

Alarmingly, 30 percent of phishing messages were opened – up from 23 percent in the 2015 report – and 13 percent of those clicked to open the malicious attachment or nefarious link, causing malware to drop and a foothold gained by cybercriminals.

In prior years, phishing was a leading attack pattern for only cyber-espionage and hasnow spread to seven of the nine incident patterns in the 2016 report. This technique is amazingly effective and offers attackers a number of advantages such as a very quick time to compromise and the ability to target specific individuals and organizations.

Adding to the list of human errors are those perpetrated by the organizations themselves. Labeled ‘miscellaneous errors,’ this incident pattern group takes the No. 1 spot for security incidents in this year’s report.

See: Practical Recommendations for Organizations to Effectively Manage and Expand Information Security Talent Pipelines

In fact, 26 percent of these errors involve sending sensitive info to the wrong person. Other errors in this category include: improper disposal of company information, misconfiguration of IT systems, and lost and stolen assets such as laptops and Smartphone.

“You might say our findings boil down to one common theme — the human element,” said Bryan Sartin, Executive Director of Global Security Services, Verizon. “Despite advances in information security research and cyber detection solutions and tools, we continue to see many of the same errors we’ve known about for more than a decade now. How do you reconcile that?”

Of increasing concern to Verizon’s security researchers is the speed with which cybercrime is committed. In 93 percent of cases, it took attackers minutes or less to compromise systems and data ex-filtration occurred within minutes in 28 percent of the cases.

As with the 2015 report, compromises of mobile and Internet of Things devices are not a significant factor in the 2016 DBIR.

However, the report notes that proof of concept exploits are real and it’s only a matter of time before large scale breach impacts mobile and IoT devices, which means organizations should continue to be vigilant about protecting Smartphones and IoT devices.

The rise of the three-pronged attack

This year’s report calls out the rise of a new three-pronged attack that is being repeated with great regularity. Many organizations are falling prey to these attacks that include:

  • Sending a phishing email with a link pointing to the malicious website or mainly a malicious attachment
  • Malware is downloaded onto an individual’s PC that establishes the initial foothold, and additional malware can be used to look for secrets and internal information to steal (cyber espionage) or encrypt files for ransom. Many times the malware steals credentials to multiple applications through key logging.
  • Use of the credentials for further attacks, for example, to log into third-party websites like banking or retail sites.

“The goal is to understand how the cybercriminals operate,” said Sartin. “By knowing their patterns, we can best prevent, detect and respond to attacks.”

The researchers note that basic, well-executed measures continue to be more important than complex systems, and include:

  • Know what attack patterns are most common for your industry. Utilize two-factor authentication for your systems and other applications, such as when logging into popular social networking sites.
  • Patch promptly.
  • Monitor all inputs: Review all logs to help identify malicious activity.
  • Encrypt your data: If stolen devices are encrypted, it’s much harder for attackers to access the data.
  • Train your staff: Developing security awareness within your organization is critical especially with the rise in phishing attacks.
  • Know your data and protect it accordingly. Also limit who has access to it.

“This year’s report once again demonstrates that there is no such thing as an impenetrable system, but oftentimes even a basic  defense will deter cybercriminals who will move on to look for an easier target,” added Sartin.

Also read: Digital Transformation Waits: Keys to Bridging the Cyber Security Gaps and Bolstering the Existing System

Image credit: forbes.com