Verizon’s annual Data Breach Investigations Report shows which threats — new and old — to watch.
Just the other day, Verizon released its annual Data Breach Investigations Report, which analyzed more than 2,100 confirmed data breaches and approximately 80,000 reported security incidents. This year’s study offered an in-depth look at the cybersecurity landscape, including a first-time overview of mobile security, Internet of Things (IoT) technologies and the financial impact of intrusions.
A closer look at the report reveals that although cyber attacks are getting a lot more sophisticated, decades-old tactics like phishing and hacking haven’t lost much ground either. According to Verizon, the majority of the cyber attacks (70%) used a combination of these techniques and involved a secondary victim, adding complexity to a breach.
Another troubling area singled out in the analysis is that many existing vulnerabilities remain open, primarily because security patches that have long been available were never implemented. In fact, many of those flaws go back almost eight years.
As in prior reports, this year’s findings again pointed out what Verizon researchers call the “detection deficit,” which refers to the time that elapses between a breach occurring and its discovery. Sadly, in 60% of breaches, attackers are able to compromise an organization within minutes. On the bright side, the study does note that a number of cyber attacks could be prevented through a more vigilant approach to security.
“We continue to see sizable gaps in how organizations defend themselves,” explained Mike Denning, VP of Global Security for Verizon Enterprise Solutions. “While there is no guarantee against being breached, organizations can greatly manage their risk by becoming more vigilant in covering their bases. This continues to be a main theme, based on more than 10 years of data from our ‘Data Breach Investigations Report’ series.”
As expected, a hot topic added to this year’s report centered on security issues related to the burgeoning IoT. Verizon examined several security incidents in which connected devices were used as entry points to compromise other systems, and some IoT devices were co-opted into botnets that were infected with malicious software for denial-of-service attacks. The findings on connected devices “reaffirms the need for organizations to make security a high priority when rolling out next-generation intelligent devices.”
Verizon security researchers also discovered that nearly all (96%) of the 80,000 security incidents analyzed this year can be traced to one of nine basic attack patterns that vary across industries. As identified in the 2014 report, the nine threat patterns include miscellaneous errors, malware aimed at gaining control of systems, insider/privilege misuse, physical theft or loss, web app attacks, cyber espionage, as well as point-of-sale intrusions and payment card skimmers.
This year’s report found that 83% of security incidents by industry involve the top three threat patterns — up from 76% in 2014. Needless to say, the longer it takes for organizations to discover breaches, the more time attackers have to penetrate defenses and cause damage, the report points out. More than a quarter of all breaches take an organization weeks, and sometimes months, to unearth and contain.
Want to continue reading? You can download Verizon’s entire report here.
As if you needed any additional proof, it has become increasingly clear that embedded system insecurity affects everyone and every company. What’s worse, the effects of insecurity can be very personal, like theft of sensitive financial and medical data. For a company, the impact can be quite profound. Products can be cloned, software copied, systems tampered with and spied on, and many other things that can lead to revenue loss, increased liability, and diminished brand equity. Explore the SMARTER choice of embedding hardware-based security into your next design here.