Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

The Many Faces Of The Verizon Data Breach Investigation Report

Verizon's annual data breach report offers volumes of data -- and even more interpretations

For those of us who cover data breaches, the release of the annual Verizon Data Breach Investigations Report is sort of like the motion picture industry's Oscar awards or the annual release of the auto industry's Blue Book -- it doesn't provide all of the answers, but it helps define what the coming year's questions will be.

The Verizon 2013 DBIR went live on Monday night, and it already has generated a ton of discussion and scrutiny. The report, which offers a detailed look at 621 data breaches investigated last year, is set apart from other breach studies because it reports data collected by objective third parties, and not the breached companies themselves.

Less than 48 hours after the report was published, Dark Reading has already posted two news stories on the DBIR. Kelly Jackson Higgins offers an excellent overview of the report, noting the broad range of attacks and victims in this year's report.

Today, Ericka Chickowski posted a piece that offers a look at the DBIR from the insider threat perspective, pointing out that while the frequency of insider-initiated breaches appears to be shrinking, IT and business executives continue to fear data leaks and insider threats more than ever.

In addition, you might enjoy the commentary from Dark Reading blogger and 451 Research analyst Wendy Nather, who points out that the DBIR continues to report that most breaches are discovered by third parties, but falls short on its explanation of why.

I've written about the DBIR every year since Verizon began publishing it more than five years ago, and every year I'm surprised by the new insights it provides on actual data breaches. For example, this year's report shows a marked decrease in the percentage of breaches caused by malware or hacking, and a significant increase in the percentage of breaches caused by social engineering or physical attack.

The study isn't suggesting that hacking and malware -- which still account for the majority of data breaches -- are going away. But it does prove that attackers are both innovative and resourceful, and that they aren't pigeonholing themselves into any one strategy of penetration. If a physical attack on an ATM machine works, then why write complicated malware? It's not about the method -- it's about getting results.

It's this attitude that has led more and more attackers to social engineering, which sometimes is an end in itself, and other times is the first step in a much more sophisticated online attack. Finding a gullible human in a targeted organization is often easier than finding a software vulnerability or an open network port, so attackers are quick to use social engineering as a key part of any exploit. The DBIR reports a radical increase in phishing as a means of attack, and this finding confirms those reported in many other studies this year.

Of course, whether human users can be "patched" or educated to prevent social engineering attacks continues to be a matter of hot debate. Some experts believe that end user education is critical to future online security. Others believe that user education is a waste of time and money that could be more effectively spent on technical controls. It's not clear who's right, and as long as the answer remains elusive, you can be sure that social engineering attacks will continue to be at the heart of any cybercriminal's arsenal.

And as usual, the DBIR data provides a ton of data that may not offer an answer, but helps frame the question. Dark Reading will be doing more coverage of this topic -- and analysis of the DBIR data itself -- in the days ahead. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
royatkinson
50%
50%
royatkinson,
User Rank: Apprentice
4/25/2013 | 7:03:11 PM
re: The Many Faces Of The Verizon Data Breach Investigation Report
I'm just wondering if the threat of insider breaches has diminished, or if has just changed. I keep thinking of corporate intellectual property leaking out into Evernote, Dropbox and other storage and sharing apps, especially from mobile users. The effects may not be immediately felt, and perhaps will never be fully known.
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29367
PUBLISHED: 2020-11-27
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
CVE-2020-26245
PUBLISHED: 2020-11-27
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sani...
CVE-2017-15682
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
CVE-2017-15683
PUBLISHED: 2020-11-27
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
CVE-2017-15684
PUBLISHED: 2020-11-27
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.