Think HBR

Report identifies more focused way to fight cyberthreats

Report finds nine basic patterns make up 92 percent of security incidents; no organisation is immune from a data breach.
Verizon security researchers have found that 92% of all security incidents over a ten-year period can be traced to nine basic attack patterns that vary from industry to industry.
This finding, the highlight of Verizon’s “2014 Data Breach Investigations Report,” will enable a more focused and effective approach to fighting cyberthreats.
“After analysing 10 years of data, we realise most organisations cannot keep up with cybercrime – and the bad guys are winning,” said Wade Baker, principal author of the Data Breach Investigations Report series.
“But by applying big data analytics to security risk management, we can begin to bend the curve and combat cybercrime more effectively and strategically.
“Organisations need to realise no one is immune from a data breach. Compounding this issue is the fact that it is taking longer to identify compromises within an organisation – often weeks or months, while penetrating an organisation can take minutes or hours,” Baker said.
The DBIR identifies the nine threat patterns as: miscellaneous errors such as sending an email to the wrong person; crimeware (various malware aimed at gaining control of systems); insider/privilege misuse; physical theft/loss; Web application attacks; denial of service attacks; cyber-espionage; point-of-sale intrusions; and payment card skimmers.
This year’s report found that on average, just three threat patterns cover 72% of the security incidents in any industry.
For example, in the financial services sector, 75% of the incidents come from Web application attacks, distributed denial of service (DDoS) and card skimming, while 54% of all manufacturing attacks are attributed to cyber-espionage and DDoS. In the retail sector, the majority of attacks are tied to DDoS (33%) followed by point-of-sale intrusions (31%).
Other key findings in the report include:
• Cyber-espionage is up again in the 2014 report, representing a more than three-fold increase compared with the 2013 report. In addition, these attacks were found to be the most complex and diverse, with a long list of threat patterns. As it did last year, China still leads as the site of the most cyber-espionage activity; but the other regions of the world are represented, including Eastern Europe with more than 20%.
• For the first time, the report examines distributed denial of service attacks (DDoS), which are attacks intended to compromise the availability of networks and systems so that, for example, a website is rendered useless. They are common to the financial services, retail, professional, information and public sector industries. The report points out that DDoS attacks have grown stronger year-over-year for the past three years.
• The use of stolen and/or misused credentials (user name/passwords) continues to be the No. 1 way to gain access to information. Two out of three breaches exploit weak or stolen passwords, making a case for strong two-factor authentication.
• Retail point-of-sale attacks continue to trend downward, exhibiting the same trend since 2011. Industries commonly hit by POS intrusions are restaurants, hotels, grocery stores and other brick-and-mortar retailers, where intruders attempt to capture payment card data. While POS breaches have been in the headlines lately, it is not indicative of the actual picture of cybercrime.
• While external attacks still outweigh insider attacks, insider attacks are up, especially with regard to stolen intellectual property. The report points out that 85% of insider and privilege-abuse attacks used the corporate LAN, and 22% took advantage of physical access.
The 2014 report can be downloaded from