Analyzing the Verizon Breach Report

Network attacks and breaches have dominated the technical and mainstream news for the past 18 months, as attacks have grown both in volume and significance. Hacktivists used data breaches to embarrass their enemies, nation-states used intrusions to steal secrets and even directly attack infrastructure, and organized crime used breaches for good old-fashioned theft.


However, it is important to understand that there are stark differences between these groups in who they target, how they attack, and what we, as security professionals, will need to do in order to defend against them. The recently published Verizon Data Breach Investigations Report (available here) provides some of the best data available on attack trends and shows that today’s attack landscape is dominated by external attackers. Specifically, 98% of reported breaches were attributed to external attackers compared to only 70% of attacks in 2007. However, the report also showed that not all attacks are the same: attackers and their strategies are becoming increasingly stratified based on the types of organizations that they target.

Organized Crime Picks On the Little Guy

The Verizon report found that small and medium enterprises were overwhelmingly targeted by organized crime, which has big implications in terms of how these attacks are performed and how businesses need to protect themselves.

Criminal organizations will typically target information that can quickly and easily be converted to hard currency, such as credit card information, banking details or other personal information that could be used to steal an identity. Furthermore, since a dollar is a dollar regardless of who it comes from, criminal organizations typically don’t care whom they are stealing from. As a result, criminal orgs tend to go very broad in search of the easiest targets. Small and medium enterprises often make very enticing targets simply because they often lack the security infrastructure and skills found in larger enterprises.

This strategy of hitting lots of smaller businesses lends itself to a very automated approach to hacking. In this schematic you see a very automated, script-driven approach to hacking that can scour the globe looking for poorly secured assets.

In terms of mitigation, this means that smaller businesses need to focus on the basics of security – firewalling, patching systems, and implementing basic network and intrusion monitoring. Smaller businesses have often assumed that they might be under the radar of hackers, and the Verizon report shows that this simply isn’t the case. In a networked world, criminals can easily scan the web looking for vulnerable targets, so even smaller networks are on the front lines.

Targeted Attacks are Very Real for Large Enterprises

While the Verizon report showed that criminals prefer smaller enterprises, it was the larger enterprises that were the nearly exclusive focus of targeted attacks. This makes intuitive sense, given that if you are going to go to the trouble of planning out an organized attack, you are probably going to focus on a fairly high value target. However, the surprising stat was just how common targeted attacks were in large enterprises. 50% of the attacks against large enterprises were targeted as opposed to opportunistic, with 22% of breaches targeting sensitive corporate data and 12% targeting trade secrets.


This really highlights just how common the worst-case scenario has become in terms of IT security. The security industry has notoriously been seen as something of a boy who cried wolf, always warning companies about the dangers of hackers while often overselling the risk. The Verizon analysis shows that we have likely come full circle, with sophisticated, targeted attacks becoming far more common than many seasoned veterans might expect. This puts significant pressure on larger enterprises to adopt next-generation security measures that can detect evasive attacks, customized malware, and anomalies in the network that can expose attempted attacks. While such technologies may be on many CISOs’ roadmaps, organizations will likely need to adopt them sooner rather than later given how quickly the threat landscape has evolved.

The Verizon report is full of important information for anyone working in information security. But one of the very important concepts to keep in mind is that both automated and targeted approaches to hacking have become very common and successful. Modern security will require us to be able to detect and defend against both of these types of strategies, and to continually expand our definition of hackers and hacking.
