In the last blog in this series, we introduced the 2013 Verizon DBIR, which includes the following facts:
| • | 621 confirmed data breaches studied in detail |
| • | 19 contributors, including government agencies, private security organizations and consulting companies |
| • | 44 million records compromised |
| • | The largest and most comprehensive data breach study performed each year |
| • | 75% of attacks were opportunistic – not targeted at a specific individual or company – with the majority of those financially motivated |
| • | 37% of breaches affected financial institutions |
In this blog we’re going to look at the report in more detail and see what trends and patterns it shows us. Note that the full report is available at http://www.verizonenterprise.com/DBIR/2013/
Key observations from the report include:
Most Attacks Still Use Basic Techniques
| • | 76% of network intrusions exploited weak or stolen credentials. |
| • | Over 78% of attack techniques were considered “low” or “very low” in difficulty (on the VERIS scale which Verizon uses to categorize breaches). |
14% of breaches were insider attacks
| • | Lax internal practices often make gaining access easier |
| • | Over 50% of insiders committing sabotage were former employees using old accounts or backdoors not disabled |
| • | Over 70% of IP theft cases committed by internal people took place within 30 days of announcing their resignation |
Data at rest is most at risk
| • | Of 621 cases Verizon investigated, none involved data in transit |
| • | 66% of breaches involved data at rest in databases and file servers (the rest was data being processed when it was accessed) |
Types of attack vary depending on industry and region
| • | Small retailers in USA subject to attacks on poorly configured remote systems to access POS data |
| • | Banks subjected to ATM skimming and web application attacks |
| • | POS attacks much less frequent in Europe than AP and Americas |
| • | As we mentioned in the last blog, 37% of breaches affected financial institutions |
Spotting a breach isn’t always easy, or quick
| • | 66% of breaches in the report took months, or even years, to discover. Note also that this problem is getting worse – in the previous years’ study, this figure was 56% |
| • | 69% of breaches were spotted by an external party, with 9% being spotted by customers! |
We can see from this summary how important it is to look after the basics – implement secure passwords, ensure employees have access to only the data/systems they require, practise good housekeeping with users, protect sensitive data at rest, and be aware of the types of attack that are prevalent for your industry and region.
Interestingly, the good folks at the PCI Security Council seem to be heading to the same conclusions. Highlights of the upcoming PCI DSS v3.0 specification have just been published by the council, and they indicate a focus on fundamentals. “For good security, you have to do the basic stuff first,” says Bob Russo, general manager of the PCI Security Standards Council. “In 90% of the breaches we see, the cause is failure to do the basic things like creating strong passwords and monitoring data.”
In the next blog we’ll look at conclusions and recommendations, and see how this all applies to NonStop users.
What do you think – have you read the DBIR? How relevant is it to your organization and your role? Let us know via the comments section below, or by emailing me at andrew.price@xypro.com.
Posts
No comments:
Post a Comment