Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

12/10/2009
08:10 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

How Organizations Get Hacked

Want a better idea of how organizations get infiltrated, including detailed synopsis of how many successful data breaches occur? Sit down with a copy of the just released Verizon Data Breach Investigations Supplemental Report and you'll get a great idea.

Want a better idea of how organizations get infiltrated, including detailed synopsis of how many successful data breaches occur? Sit down with a copy of the just released Verizon Data Breach Investigations Supplemental Report and you'll get a great idea.This report, available here, goes into painful detail of what Verizon has determined to be the top 15 threats to data, along with actual (but confidential) examples of real-world breaches.

The data in this report is exactly the kind of help security managers need to help them design better budgets. They need to know what types of attacks are prevalent, successful, and how they work. For instance, while application-based attacks are still often overlooked, SQL-injection attacks accounted for 18% of all breaches, and were involved in 79% of lost records. That's a huge chunk of risk you might want to focus on.

The top number of threat actions, out of 15, organizations suffered, in order, include keyloggers and spyware, backdoor or command/control malware, SQL injection, abuse of system access privileges, and unauthorized access of default credentials.

Some of the attacks with the least impact (but not no impact) in the report include phishing, brute-force hacking attacks, and physical theft of a data container. The report goes into considerable detail about the how the threats work, industries they typically target, where they come from, and steps that can be taken to mitigate the risks.

One of the most eye-opening data sets to come from the report is the finding that the vast majority of breaches stem from external sources, rather than from insiders. Verizon's data found 73% of all breach sources (that required disclosure) originated externally, while 18% where from insiders. That finding flies in the face of the message of many security vendors who cite insiders as the biggest threat.

Does that mean insiders aren't a significant threat? Certainly not. They account for one-fifth of the breaches studied - and a knowledgeable, well-positioned insider can do an enormous amount of damage. But that threat can't be mitigated at the expense of hardening systems from malware and application-based attacks.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Exactly
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24619
PUBLISHED: 2020-09-22
In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource.
CVE-2020-8887
PUBLISHED: 2020-09-22
Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php (aka the server login page).
CVE-2020-7734
PUBLISHED: 2020-09-22
All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column.
CVE-2020-6564
PUBLISHED: 2020-09-21
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.
CVE-2020-6565
PUBLISHED: 2020-09-21
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.