Verizon 2016 DBIR: Known Attack Methods Remain Security’s Achilles’ Heel

BrandPost By Beth Stackpole
Aug 19, 2016

Companies must begin addressing security proactively, not as an afterthought

istock 75120711 small

Companies are doubling down on IT security efforts, yet known areas of susceptibility and human error remain the main source of enterprise cyberattacks, according to Verizon’s 2016 Data Breach Investigations Report (DBIR).

In fact, the latest edition of the Verizon DBIR found that lost or stolen credentials are responsible for 63 percent of confirmed data breaches. The ninth edition of this comprehensive security guide analyzed more than 100,000 security incidents, including 2,260 confirmed breaches from 67 contributing organizations across 82 countries.

Because the same simple mistakes continue to cause most breaches, implementing and enforcing basic security measures is more critical than ever to counteract human error. Companies must begin addressing security proactively, not as an afterthought, in order to effectively mitigate risk, raise user awareness, and embrace the path to complete digital transformation.

According to Verizon’s 2016 DBIR, 95 percent of breaches still fit into the nine incident patterns identified in Verizon’s 2015 report. Miscellaneous errors, insider and privilege misuse, physical theft or loss of a device, denial of service (DoS), and crimeware remain the most active attack categories across all industries.

However, three quarters of incidents and breaches in the various industry sectors are covered by three patterns, which vary depending on the industry. Verizon’s 2016 DBIR maps the incident patterns to specific industries and also provides a recommended course of action.

Whatever the threat type, Verizon’s 2016 DBIR found that cybercriminals are quick to do damage and companies are too slow to take action. In 93 percent of cases of stolen data, for example, systems were compromised in minutes or less, according to the findings, and in 83 percent of cases, victimized companies didn’t discover the breach for weeks—or more.

Moreover, law enforcement, fraud detection services, and third parties are more likely to catch breaches after the fact than internal IT staff or systems, according to the research. If companies are relying on external resources to detect attacks, they provide cybercriminals with more time to disrupt the business.

Putting basic security measures into effect is more critical than ever, but many organizations don’t know where to start. Here are a few key recommendations from Verizon’s 2016 DBIR:

Know your data and your users. If it sounds basic, it is—but a surprising number of companies don’t have a true sense of their organizations and hence their real susceptibilities. IT needs to understand what sensitive data exists, where it is, and who needs access to it. They also need to track system usage and user behavior.

Use encryption and two-factor authentication. Both practices help to significantly reduce the damage in the event that data or credentials are lost or stolen.

Segregate systems. Separate primary servers and systems to protect them from attack. This way, a compromised desktop can’t expose other systems and data to damage or theft.

Patch promptly and often. The sheer number of new areas of exposure can be intimidating for IT organizations, many of which don’t know where to start. Verizon’s 2016 DBIR provides critical intelligence for implementing an effective patch strategy.

For more details on these recommendations, along with an overview on other security best practices, view the entire Verizon 2016 BDIR at here or contact Verizon to engage a consultation with their security professionals.