Monday, August 26, 2013

DBIR 2013 Blog Part II – Data at Rest is Most at Risk

In the last blog in this series, we introduced the 2013 Verizon DBIR, which includes the following facts:

621 confirmed data breaches studied in detail
19 contributors, including government agencies, private security organizations and consulting companies
44 million records compromised
The largest and most comprehensive data breach study performed each year
75% of attacks were opportunistic – not targeted at a specific individual or company – with the majority of those financially motivated
37% of breaches affected financial institutions

In this blog we’re going to look at the report in more detail and see what trends and patterns it shows us. Note that the full report is available at http://www.verizonenterprise.com/DBIR/2013/

Key observations from the report include:

Most Attacks Still Use Basic Techniques

76% of network intrusions exploited weak or stolen credentials.
Over 78% of attack techniques were considered “low” or “very low” in difficulty (on the VERIS scale which Verizon uses to categorize breaches).
14% of breaches were insider attacks
Lax internal practices often make gaining access easier

Over 50% of insiders committing sabotage were former employees using old accounts or backdoors not disabled
Over 70% of IP theft cases committed by internal people took place within 30 days of announcing their resignation
Data at rest is most at risk

Of 621 cases Verizon investigated, none involved data in transit
66% of breaches involved data at rest in databases and file servers (the rest was data being processed when it was accessed)
Types of attack vary depending on industry and region

Small retailers in USA subject to attacks on poorly configured remote systems to access POS data
Banks subjected to ATM skimming and web application attacks
POS attacks much less frequent in Europe than AP and Americas
As we mentioned in the last blog, 37% of breaches affected financial institutions
Spotting a breach isn’t always easy, or quick

66% of breaches in the report took months, or even years, to discover. Note also that this problem is getting worse – in the previous year’s study, this figure was 56%
69% of breaches were spotted by an external party, with 9% being spotted by customers!

We can see from this summary how important it is to look after the basics – implement secure passwords, ensure employees have access to only the data/systems they require, practise good housekeeping with user accounts, protect sensitive data at rest, and be aware of the types of attack that are prevalent for your industry and region.

Interestingly, the good folks at the PCI Security Council seem to be heading to the same conclusions.  Highlights of the upcoming PCI DSS v3.0 specification have just been published by the council, and they indicate a focus on fundamentals.  “For good security, you have to do the basic stuff first,” says Bob Russo, general manager of the PCI Security Standards Council. “In 90% of the breaches we see, the cause is failure to do the basic things like creating strong passwords and monitoring data.”

In the next blog we’ll look at conclusions and recommendations, and see how this all applies to NonStop users.

What do you think – have you read the DBIR?  How relevant is it to your organization and your role?  Let us know via the comments section below, or by emailing me at andrew.price@xypro.com.
