Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

The Many Faces Of The Verizon Data Breach Investigation Report

Verizon's annual data breach report offers volumes of data -- and even more interpretations

For those of us who cover data breaches, the release of the annual Verizon Data Breach Investigations Report is sort of like the motion picture industry's Oscar awards or the annual release of the auto industry's Blue Book -- it doesn't provide all of the answers, but it helps define what the coming year's questions will be.

The Verizon 2013 DBIR went live on Monday night, and it already has generated a ton of discussion and scrutiny. The report, which offers a detailed look at 621 data breaches investigated last year, is set apart from other breach studies because it reports data collected by objective third parties, and not the breached companies themselves.

Less than 48 hours after the report was published, Dark Reading has already posted two news stories on the DBIR. Kelly Jackson Higgins offers an excellent overview of the report, noting the broad range of attacks and victims in this year's report.

Today, Ericka Chickowski posted a piece that offers a look at the DBIR from the insider threat perspective, pointing out that while the frequency of insider-initiated breaches appears to be shrinking, IT and business executives continue to fear data leaks and insider threats more than ever.

In addition, you might enjoy the commentary from Dark Reading blogger and 451 Research analyst Wendy Nather, who points out that the DBIR continues to report that most breaches are discovered by third parties, but falls short on its explanation of why.

I've written about the DBIR every year since Verizon began publishing it more than five years ago, and every year I'm surprised by the new insights it provides on actual data breaches. For example, this year's report shows a marked decrease in the percentage of breaches caused by malware or hacking, and a significant increase in the percentage of breaches caused by social engineering or physical attack.

The study isn't suggesting that hacking and malware -- which still account for the majority of data breaches -- are going away. But it does prove that attackers are both innovative and resourceful, and that they aren't pigeonholing themselves into any one strategy of penetration. If a physical attack on an ATM machine works, then why write complicated malware? It's not about the method -- it's about getting results.

It's this attitude that has led more and more attackers to social engineering, which sometimes is an end in itself, and other times is the first step in a much more sophisticated online attack. Finding a gullible human in a targeted organization is often easier than finding a software vulnerability or an open network port, so attackers are quick to use social engineering as a key part of any exploit. The DBIR reports a radical increase in phishing as a means of attack, and this finding confirms those reported in many other studies this year.

Of course, whether human users can be "patched" or educated to prevent social engineering attacks continues to be a matter of hot debate. Some experts believe that end user education is critical to future online security. Others believe that user education is a waste of time and money that could be more effectively spent on technical controls. It's not clear who's right, and as long as the answer remains elusive, you can be sure that social engineering attacks will continue to be at the heart of any cybercriminal's arsenal.

And as usual, the DBIR data provides a ton of data that may not offer an answer, but helps frame the question. Dark Reading will be doing more coverage of this topic -- and analysis of the DBIR data itself -- in the days ahead. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
royatkinson
50%
50%
royatkinson,
User Rank: Apprentice
4/25/2013 | 7:03:11 PM
re: The Many Faces Of The Verizon Data Breach Investigation Report
I'm just wondering if the threat of insider breaches has diminished, or if has just changed. I keep thinking of corporate intellectual property leaking out into Evernote, Dropbox and other storage and sharing apps, especially from mobile users. The effects may not be immediately felt, and perhaps will never be fully known.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/13/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14300
PUBLISHED: 2020-07-13
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in th...
CVE-2020-14298
PUBLISHED: 2020-07-13
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the co...
CVE-2020-15050
PUBLISHED: 2020-07-13
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.
CVE-2020-10987
PUBLISHED: 2020-07-13
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.
CVE-2020-10988
PUBLISHED: 2020-07-13
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.