Evalian Data Breach Investigations Blog

Verizon’s Data Breach Investigations Report & Your Security Strategy

June 10th, 2019 Posted in Information Security

‘Know your enemy and know yourself, Sun Tzu, a philosophy for military strategies and adopted by the business world is also sound advice for cyber security.  Different industries are susceptible to different methods of attack. Knowing what data you have and who wants it can help you in some way in designing your cyber security strategy.  To learn more about the threats you face, a good place to start is the  Verizon Data breach Investigations Report (DBIR) 2019. In its 12th year of publication, the results of the 2019 report come from an analysis of 41,585 security incidents and 2,013 data breaches spanning 86 countries, so it provides insightful and actionable information.  

What are the main types of cyber incident?

As technology changes, so do the methods of infiltrationBut despite the evolution in methodology, data collected from the 12 years that this report has been published reveal that there are 9 categories that cyber incidents largely fall into. These have remained reasonably constant since the first report was issued.  The 9 categories are summarised below along with the threat actors most likely to be carrying out each type of attack. The stats mentioned here come from the latest report.  

  1. Cyber Espionage:  Usually conducted by state actors seeking political or trade secrets. Indeed, 96% of breaches were linked to nation-states. The remaining 4% of perpetrators were organized crime, competitors and former employees.   
  2. Denial of Service:  Designed to compromise the availability of networks and systems which reduces performance and interrupts services. 99% of this type of attack targeted large organisations.  
  3. Insider privilege and misuse:  Any unapproved misuse of organisations resources is mostly down to insiders but also includes former/collusive employees and partners. 
  4. Miscellaneous Errors:  Mistakeswhichdirectly compromise security. This includes mis-delivery of sensitive data, publishing data to unintended audiences and misconfigured servers account for 85% of this pattern. 
  5. Payment card skimmers: Physical placement of skimming device on an asset that reads magnetic strip data from payment cards such as cashpoints and petrol pumps. This method has decreased in the last year which could be due to EMV and disruption of card-present fraud capabilities but could be linked to the next point on this list, Pointof-Sale intrusions, which have increased.  
  6. Point of sale intrusions:  Remote attack on POS terminals and POS controllers.  
  7. Physical theft and loss:  Loss ofinformation asset through misplacement or malice which consists mainly of hard documents and laptops stolen from the work area or an employee-owned car.  
  8. Web application attacks:  Any incident in which a web app was the vector of attack. Includes exploits of code-level vulnerabilities in the application as well as thwarting authentication mechanisms. More than 50% of these breaches are associated with the unauthorized access to cloud-based email servers. 
  9. Crimeware:  All instances involving malware that do not fall into a more specific pattern. Mostly opportunistic and financially motivated. In these instances, command and control (C2) is the most common functionality (47%) followed by ransomware (28%). 

Which method of cyber-attack targets which industries? 

For an indepth view of the type of threat your industry is likely to be affected by, the report drills down to specific industries from Page 35 onward.  Below is a snapshot from some of the major industry verticals just to start you off. 

  • Accommodation and food services are mainly targeted with POS attacks to harvest customers’ payment card data. These attacks are typically carried out by organised crime groups for financial gain and although it is commonly smaller businesses that are targeted, this doesn’t mean large organisations can rest easy as the recent attack on this major chain demonstrates.  
  • Financial and Insurance companies are targeted most frequently with denial of service attacks and use of stolen credentials through compromised email accounts. The main motive for targeting this sector is financial (88%) with 10% being espionage.  
  • Information Industry suffers from miscellaneous errors, web applications and cyber espionage which represent 83% of breaches. 36% of the external hackers were state-affiliated.  
  • Manufacturing has in recent years been targeted for espionage however although this is still a strong motivator, this sector has been experiencing an increase in financially motivated breaches in the last couple of years just like this ransomware attack earlier this year.  Most breaches involve phishing and the use of stolen credentials.  

How to defend your organisation  

The motive and method of cyberattack will influence what you should focus your cyber security budget on, and the DBIR offers a range of great advice, however the Achilles’ heel which comes up time and again is the human factor. Cyber Security training and awareness are therefore critical. 

The human factor can be the most challenging. Our advice would be to position training and awareness campaigns at the centre of your cyber security programme and not just with respect to phishing, social engineering or pretexting (where an individual lies to obtain privileged databut for general mistakes such as misdelivery and erroneous publishing.  

Systems can helhere too; you should set them up to limit the amount of damage an employee can do with existing privileges. Monitor your email for links and executables (including macro-enabled Office docs)Also, provide a way for employees to report potential phishing or pretexting.  

Review your cyber security strategy

Once you know what sort of cyber-attack you are most likely to experience and why you can marry that information with the location of your valuable information and how it could be accessed. A good place to start, if you haven’t done so already, is to review your cyber security strategy and ensure that it aligns with your business objectives. Going through this process will enable you to identify what data you have, where its stored, who has access to it and where it flows throughout the business including third-party suppliers. It’s the ultimate step in knowing yourself! 

Need help?

If you need help with developing your cyber security strategy or training and awareness, we can help. Contact us for advice or an informal chat on what you may need. 

Evalian Icon PNG

Written by Evalian®