Beyond Heartbleed, which recently made headlines as the worst bug ever, there is a world of cyberthreats vying to take down enterprise networks, corrupt smartphones, and otherwise wreak havoc on businesses. Verizon is doing its level best to expose these threats in its 2014 Data Breach Investigations Report.
According to Verizon, the report, which will go public on Wednesday, offers insights from some of the most notorious attacks during the last year. Published in a new format, the 2014 report features common incident patterns based on insights from 50 global organizations and more than 63,000 confirmed security issues. The report spans everything from watering holes to DDoS (distributed denial-of-service) attacks and beyond.
“After analyzing 10 years of data, we realize most organizations cannot keep up with cybercrime -- and the bad guys are winning,” said Wade Baker, principal author of the Data Breach Investigations Report series. “But by applying big data analytics to security risk management, we can begin to bend the curve and combat cybercrime more effectively and strategically.”
92 Percent of All Attacks . . .
Here’s the big picture: 92 percent of all security incidents over a 10-year period are traced back to nine specific threat patterns in the cyber world.
Those are: miscellaneous errors, such as sending an e-mail to the wrong recipient; crimeware, which includes malware that targets the takeover of systems; insider abuse; physical loss or theft; attacks on Web applications; distributed denial-of service attacks; point-of-sale instrusions; cyber espionage schemes; and payment card skimmers.
In the 2014 report, Verizon discovered that three threat patterns, on average, make up 72 percent of the security incidents across industries. Drilling down into industries, 75 percent of attacks in the financial services sector stem from Web application attacks. Manufacturing sees 54 percent of attacks on its IT operations from DDoS and cyber espionage. Turning to retail, DDoS makes up most of the attacks at 22 percent. Point-of-sale intrusions account for 31 percent.
“Organizations need to realize no one is immune from a data breach,” Baker said. “Compounding this issue is the fact that it is taking longer to identify compromises within an organization -- often weeks or months, while penetrating an organization can take minutes or hours.”
Verizon Fights Back
Where are the threats coming from? China leads the way in terms of cyber-espionage activity. But more than 20 percent of attacks stemmed from Eastern Europe. Only 2 percent of the attacks came from Western Europe or U.S. cyber criminals.
With all this danger in mind, Verizon is working to protect its clients. In February, the Verizon Cyber Intelligence Center was launched to give enterprises a heads up with “advanced detection and response” tools to manage and mitigate cyberattacks.
“Yesterday’s approach to fighting cyberattacks in which each enterprise attempts to combat well-funded adversaries alone or build these complex cyber capabilities themselves is just not feasible, “said Eddie Schwartz, vice president of Global Security Solutions for Verizon Enterprise Solutions. “The realities of today’s threat landscape require enterprises to focus on understanding the business context of an attack, and taking direct remediative action.”