Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

The Many Faces Of The Verizon Data Breach Investigation Report

Verizon's annual data breach report offers volumes of data -- and even more interpretations

For those of us who cover data breaches, the release of the annual Verizon Data Breach Investigations Report is sort of like the motion picture industry's Oscar awards or the annual release of the auto industry's Blue Book -- it doesn't provide all of the answers, but it helps define what the coming year's questions will be.

The Verizon 2013 DBIR went live on Monday night, and it already has generated a ton of discussion and scrutiny. The report, which offers a detailed look at 621 data breaches investigated last year, is set apart from other breach studies because it reports data collected by objective third parties, and not the breached companies themselves.

Less than 48 hours after the report was published, Dark Reading has already posted two news stories on the DBIR. Kelly Jackson Higgins offers an excellent overview of the report, noting the broad range of attacks and victims in this year's report.

Today, Ericka Chickowski posted a piece that offers a look at the DBIR from the insider threat perspective, pointing out that while the frequency of insider-initiated breaches appears to be shrinking, IT and business executives continue to fear data leaks and insider threats more than ever.

In addition, you might enjoy the commentary from Dark Reading blogger and 451 Research analyst Wendy Nather, who points out that the DBIR continues to report that most breaches are discovered by third parties, but falls short on its explanation of why.

I've written about the DBIR every year since Verizon began publishing it more than five years ago, and every year I'm surprised by the new insights it provides on actual data breaches. For example, this year's report shows a marked decrease in the percentage of breaches caused by malware or hacking, and a significant increase in the percentage of breaches caused by social engineering or physical attack.

The study isn't suggesting that hacking and malware -- which still account for the majority of data breaches -- are going away. But it does prove that attackers are both innovative and resourceful, and that they aren't pigeonholing themselves into any one strategy of penetration. If a physical attack on an ATM machine works, then why write complicated malware? It's not about the method -- it's about getting results.

It's this attitude that has led more and more attackers to social engineering, which sometimes is an end in itself, and other times is the first step in a much more sophisticated online attack. Finding a gullible human in a targeted organization is often easier than finding a software vulnerability or an open network port, so attackers are quick to use social engineering as a key part of any exploit. The DBIR reports a radical increase in phishing as a means of attack, and this finding confirms those reported in many other studies this year.

Of course, whether human users can be "patched" or educated to prevent social engineering attacks continues to be a matter of hot debate. Some experts believe that end user education is critical to future online security. Others believe that user education is a waste of time and money that could be more effectively spent on technical controls. It's not clear who's right, and as long as the answer remains elusive, you can be sure that social engineering attacks will continue to be at the heart of any cybercriminal's arsenal.

And as usual, the DBIR data provides a ton of data that may not offer an answer, but helps frame the question. Dark Reading will be doing more coverage of this topic -- and analysis of the DBIR data itself -- in the days ahead. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
royatkinson
50%
50%
royatkinson,
User Rank: Apprentice
4/25/2013 | 7:03:11 PM
re: The Many Faces Of The Verizon Data Breach Investigation Report
I'm just wondering if the threat of insider breaches has diminished, or if has just changed. I keep thinking of corporate intellectual property leaking out into Evernote, Dropbox and other storage and sharing apps, especially from mobile users. The effects may not be immediately felt, and perhaps will never be fully known.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
CVE-2020-12525
PUBLISHED: 2021-01-22
M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
CVE-2020-12511
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.