We live in a time when data breaches are the norm. As information security and risk professionals, we are tasked with trying to mitigate the risks posed by these impending breaches. We are constantly learning and striving to locate and fill gaps in our processes and architecture. But it is only a matter of time before an attack occurs.
Before we proceed, let’s review how Verizon defines a breach versus an incident in its 2015 Data Breach Investigations Report (DBIR).
- An incident is a security event that compromises the integrity, confidentiality or availability of an information asset.
- A breach is an incident that results in the confirmed disclosure (not just potential exposure) of data to an unauthorized party.
Let us reiterate what Verizon, in its 2015 DBIR, lists as the 9 leading causes of data breaches, in the following order:
1. Point-of-Sale Intrusions (28.5% of all confirmed data breaches).
2. Crime-ware – malware attacks that were not point-of-sale or cyber- (18.8% of all confirmed data breaches).
3. Cyber- (18% of all confirmed data breaches).
4. Insider Misuse (10.6% of all confirmed data breaches). 55% of that was privilege abuse!
5. Web App Attacks (9.4% of all confirmed data breaches). Use of stolen credit cards ranked the highest!
6. Miscellaneous Errors (8.1% of all confirmed data breaches). This ranked highest for Incidents at just about 30%. 60% of miscellaneous errors originated internally and 30% of this was when sensitive information was sent to incorrect recipients.
7. Physical Theft and Loss (3.3% of all confirmed data breaches). Health Care and the Public Sector suffered the most. 55% occurred in the work area and 22% in employee-owned vehicles.
8. Payment Card Skimmers (3.1% of all confirmed data breaches). Has updating to the chip-and-PIN systems helped? This was pretty limited, as expected, to the financial and retail arenas.
9. Denial of Service Attacks (only 0.1% of all confirmed data breaches). Significant improvement from the year before due to stronger security measures.
Verizon’s 2015 DBIR found that most attackers were external actors driven by financial gain – using hacking, distributing malware and phishing. Stolen credentials also started trending.
It also found that Microsoft and Adobe vulnerabilities were exploited within days while Mozilla and Apple took longer. And yes, old vulnerabilities continued to get exploited. Patience pays off!
Look again at what measures you are taking to safeguard your enterprise. Ask yourself the following questions:
- How do they line up with Verizon’s findings?
- Are you throwing your resources at the right place?
- Are you hiring information security and risk professionals with the needed skill sets?
- Are you able to produce metrics on a regular basis that demonstrate how your security measures are addressing the above Verizon findings?
From one security professional to another — feel the pulse of your enterprise!