Verizon’s data breach report identifies nine patterns that classify attacks

Verizon has recently released its comprehensive 2014 Data Breach Investigations Report, and its findings do not surprise me. But why should they? After all, it seems there isn’t a day that goes by without news of an attempted cyber attack or, worse, a successful data breach.

Verizon’s report stresses that the variety and volume of cyber threats are growing. Still, the 2014 report differs from Verizon’s usual approach in that it helps readers to better understand the threat landscape relevant to their industry so that, if they are responsible for cyber security in their organisation, they can prioritise their approach according to the biggest threats.

The report identifies ‘clusters’ of similar incidents and breaches. According to its findings there are nine patterns that cover 92% of the security incidents that Verizon has analysed over the last ten years and cover 94% of the breaches in 2013. Another finding reveals that the majority of attacks (75%) take less than a day to execute, while only a few (25%) are detected in that same time period.

Verizon studied 63,437 incidents and 1,362 confirmed data breaches in 2013 and classified them according to nine patterns:

| Patterns | Incidents* | Breaches** |
|---|---|---|
| Point-of-sale (POS) intrusions | 1% | 14% |
| Web app attacks | 6% | 35% |
| Insider misuse | 18% | 8% |
| Physical theft/loss | 14% | 1% |
| Miscellaneous errors | 25% | 2% |
| Crimeware | 20% | 2% |
| Card skimmers | 1% | 4% |
| Denial-of-service (DoS) attacks | 3% | 0% |
| Cyber espionage | 1% | 22% |
| Everything else | 12% | 0% |

The report uses the following definitions:

*Incident: A security event that compromises the integrity, confidentiality or availability of an information asset.

**Breach: An incident that results in the disclosure or potential exposure of data.

Patterns by industries

The report goes on to explore how these incident classification patterns are split across the various industries.

  • Point-of-sale (POS) intrusions are responsible for 75% of the incidents in the accommodation sector and for 31% of the incidents in the retail sector.
  • Web app attacks are the biggest threat for the information (41%), utilities (38%), trade (30%), and finance (27%) sectors.
  • Incidents resulting from insider misuse prevail in the estate (37%), administrative (27%) and public (24%) sectors.
  • Unsurprisingly, theft/loss is the biggest threat to the healthcare sector (46%) and is a considerable threat in the public (19%) and education (15%) sectors.
  • Miscellaneous errors are the biggest cause of security breaches in the administrative (43%) and public (34%) sectors.
  • Payment card skimmer attacks affect the finance sector more than any other sector – with 22% they represent the largest incident pattern in this sector after web app attacks and denial-of-service attacks.
  • Crimeware is responsible for 33% of the incidents in the construction sector, 31% in the information sector and 31% in the utilities sector.
  • With 44%, the management industry is the biggest victim of denial-of-service attacks, followed by professional (37%), retail (33%) and entertainment (32%) industries.
  • Finally, cyber espionage represents the biggest threat to the mining (40%), manufacturing (30%) and transportation (24%) industries.

No room for complacency

Based on the findings of Verizon’s report, every industry is a target and organisations should be putting appropriate cyber security controls in place to address those threats. While controls can be based on a few security frameworks, the most widely adopted one is ISO/IEC 27001.

While no one is safe from a data breach even when the best cyber security measures have been taken, the likelihood of a successful attack is significantly lower if the right controls are in place.

Do you think yours are?

More information on ISO27001 implementation is available at: www.itgovernance.co.uk/implementing_iso27001.aspx