informa
Commentary

How Organizations Get Hacked

Want a better idea of how organizations get infiltrated, including detailed synopsis of how many successful data breaches occur? Sit down with a copy of the just released Verizon Data Breach Investigations Supplemental Report and you'll get a great idea.
Want a better idea of how organizations get infiltrated, including detailed synopsis of how many successful data breaches occur? Sit down with a copy of the just released Verizon Data Breach Investigations Supplemental Report and you'll get a great idea.This report, available here, goes into painful detail of what Verizon has determined to be the top 15 threats to data, along with actual (but confidential) examples of real-world breaches.

The data in this report is exactly the kind of help security managers need to help them design better budgets. They need to know what types of attacks are prevalent, successful, and how they work. For instance, while application-based attacks are still often overlooked, SQL-injection attacks accounted for 18% of all breaches, and were involved in 79% of lost records. That's a huge chunk of risk you might want to focus on.

The top number of threat actions, out of 15, organizations suffered, in order, include keyloggers and spyware, backdoor or command/control malware, SQL injection, abuse of system access privileges, and unauthorized access of default credentials.

Some of the attacks with the least impact (but not no impact) in the report include phishing, brute-force hacking attacks, and physical theft of a data container. The report goes into considerable detail about the how the threats work, industries they typically target, where they come from, and steps that can be taken to mitigate the risks.

One of the most eye-opening data sets to come from the report is the finding that the vast majority of breaches stem from external sources, rather than from insiders. Verizon's data found 73% of all breach sources (that required disclosure) originated externally, while 18% where from insiders. That finding flies in the face of the message of many security vendors who cite insiders as the biggest threat.

Does that mean insiders aren't a significant threat? Certainly not. They account for one-fifth of the breaches studied - and a knowledgeable, well-positioned insider can do an enormous amount of damage. But that threat can't be mitigated at the expense of hardening systems from malware and application-based attacks.

Recommended Reading: