|By Peter Silva||
|April 25, 2014 09:45 AM EDT||
Whales Not Included
Being from the Hawaiian Islands, the annual gathering of the Kohola (humpback whales) is always a spectacular view. They can get over half their body out of the water and administer a cannonball body slam splash like you’ve never seen before. Most of the internet thinks they breach to either see what’s up (so to speak), let other whales know they are around (if the haunting squeal isn’t doing it) and most common, to relieve the body of lice, parasites and barnacles.
The Verizon 2014 Data Breach Investigation Report (DBIR) found that over the last 10 years, 92% of the 100,000 security incidents analyzed can be traced to nine basic attack patterns. The patterns identified are:
- Miscellaneous errors like sending an email to the wrong person
- Crimeware (malware aimed at gaining control of systems)
- Insider/privilege misuse
- Physical theft or loss
- Web app attacks
- Denial of service attacks
- Point-of-sale intrusions
- Payment card skimmers
The really cool thing about the 9 attack patterns is that Verizon has also charted the frequency of incident classification patterns per industry vertical. For instance, in financial services 75% of the incidents come from web application attacks, DDoS and card skimming while retail, restaurants and hotels need to worry about point-of-sale intrusions. Utilities and manufacturing on the other hand get hit with cyber-espionage. Overall across all industries, only three threat patterns cover 72 percent of the security incidents in any industry.
Once again, no one is immune from a breach and while media coverage often focuses on the big whales, the bad guys are not targeting organizations because of who they are but because a vulnerability was found and the crooks decided to see if they could get more. This means that companies are not doing some of the basics to stay protected. For the 2014 analysis, there were 1,367 confirmed data breaches and 63,437 security incidents from 50 global companies.
For the most part, the fixes are fairly basic: Use strong authentication, patch vulnerabilities quickly and encrypt devices that contain sensitive information. I’ve barely scratched the surface of the report and highly suggest a through reading.
- Verizon 2014 Data Breach Investigations Report Identifies More Focused, Effective Way to Fight Cyberthreats
- Verizon Data Breach Investigations Report
- Verizon’s data breach report: Point-of-sale, Web app attacks take center stage
- DBIR: Poor Patching, Weak Credentials Open Door To Data Breaches
- Bricks (Thru the Window) and Mortar (Rounds)
- Surfing the Surveys: Cloud, Security and those Pesky Breaches
- Targets of Opportunity
- Unplug Everything!
Photo: Protected Resources Division, Southwest Fisheries Science Center, La Jolla, California.
Jun. 25, 2016 06:15 PM EDT Reads: 982
Jun. 25, 2016 05:00 PM EDT Reads: 671
Jun. 25, 2016 03:00 PM EDT Reads: 1,532
Jun. 25, 2016 02:15 PM EDT Reads: 1,009
Jun. 25, 2016 01:45 PM EDT Reads: 872
Jun. 25, 2016 01:15 PM EDT Reads: 1,199
Jun. 25, 2016 11:45 AM EDT Reads: 1,164
Jun. 25, 2016 11:15 AM EDT Reads: 1,162
Jun. 25, 2016 11:00 AM EDT Reads: 1,281
Jun. 25, 2016 11:00 AM EDT Reads: 488
Jun. 25, 2016 10:30 AM EDT Reads: 1,231
Jun. 25, 2016 10:15 AM EDT Reads: 1,222
Jun. 25, 2016 10:00 AM EDT Reads: 666
Jun. 25, 2016 09:30 AM EDT Reads: 1,081
Jun. 25, 2016 07:45 AM EDT Reads: 1,056
Jun. 25, 2016 07:30 AM EDT Reads: 879
Jun. 24, 2016 01:00 PM EDT Reads: 1,331
Jun. 24, 2016 12:00 PM EDT Reads: 1,593
Jun. 22, 2016 11:00 AM EDT Reads: 1,351
Jun. 19, 2016 12:45 PM EDT Reads: 1,243