Attacks/Breaches
4/23/2013
09:13 PM
Tim Wilson
Tim Wilson
Commentary
Connect Directly
RSS
E-Mail
50%
50%
Repost This

The Many Faces Of The Verizon Data Breach Investigation Report

Verizon's annual data breach report offers volumes of data -- and even more interpretations

For those of us who cover data breaches, the release of the annual Verizon Data Breach Investigations Report is sort of like the motion picture industry's Oscar awards or the annual release of the auto industry's Blue Book -- it doesn't provide all of the answers, but it helps define what the coming year's questions will be.

The Verizon 2013 DBIR went live on Monday night, and it already has generated a ton of discussion and scrutiny. The report, which offers a detailed look at 621 data breaches investigated last year, is set apart from other breach studies because it reports data collected by objective third parties, and not the breached companies themselves.

Less than 48 hours after the report was published, Dark Reading has already posted two news stories on the DBIR. Kelly Jackson Higgins offers an excellent overview of the report, noting the broad range of attacks and victims in this year's report.

Today, Ericka Chickowski posted a piece that offers a look at the DBIR from the insider threat perspective, pointing out that while the frequency of insider-initiated breaches appears to be shrinking, IT and business executives continue to fear data leaks and insider threats more than ever.

In addition, you might enjoy the commentary from Dark Reading blogger and 451 Research analyst Wendy Nather, who points out that the DBIR continues to report that most breaches are discovered by third parties, but falls short on its explanation of why.

I've written about the DBIR every year since Verizon began publishing it more than five years ago, and every year I'm surprised by the new insights it provides on actual data breaches. For example, this year's report shows a marked decrease in the percentage of breaches caused by malware or hacking, and a significant increase in the percentage of breaches caused by social engineering or physical attack.

The study isn't suggesting that hacking and malware -- which still account for the majority of data breaches -- are going away. But it does prove that attackers are both innovative and resourceful, and that they aren't pigeonholing themselves into any one strategy of penetration. If a physical attack on an ATM machine works, then why write complicated malware? It's not about the method -- it's about getting results.

It's this attitude that has led more and more attackers to social engineering, which sometimes is an end in itself, and other times is the first step in a much more sophisticated online attack. Finding a gullible human in a targeted organization is often easier than finding a software vulnerability or an open network port, so attackers are quick to use social engineering as a key part of any exploit. The DBIR reports a radical increase in phishing as a means of attack, and this finding confirms those reported in many other studies this year.

Of course, whether human users can be "patched" or educated to prevent social engineering attacks continues to be a matter of hot debate. Some experts believe that end user education is critical to future online security. Others believe that user education is a waste of time and money that could be more effectively spent on technical controls. It's not clear who's right, and as long as the answer remains elusive, you can be sure that social engineering attacks will continue to be at the heart of any cybercriminal's arsenal.

And as usual, the DBIR data provides a ton of data that may not offer an answer, but helps frame the question. Dark Reading will be doing more coverage of this topic -- and analysis of the DBIR data itself -- in the days ahead. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
royatkinson
50%
50%
royatkinson,
User Rank: Apprentice
4/25/2013 | 7:03:11 PM
re: The Many Faces Of The Verizon Data Breach Investigation Report
I'm just wondering if the threat of insider breaches has diminished, or if has just changed. I keep thinking of corporate intellectual property leaking out into Evernote, Dropbox and other storage and sharing apps, especially from mobile users. The effects may not be immediately felt, and perhaps will never be fully known.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

CVE-2014-2392
Published: 2014-04-24
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer log...

CVE-2014-2393
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.

CVE-2011-5279
Published: 2014-04-23
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.

CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

Best of the Web