The Verizon Data Breach Investigations Report, which is becoming increasingly talked about and mulled over in corporate boardrooms to gain insight into attacker techniques and common security weaknesses, has been tilted toward financially motivated cybercrime. But that is likely to change in the latest report, the study's lead author said.
Verizon said at the 2013 RSA Conference that the 2013 data breach report, due out later this year, will contain data from a dozen new public and private organizations. The United States Computer Emergency Readiness Team (US-CERT) is contributing data for the first time and Carnegie Mellon University's CERT Insider Threat Center is contributing as well.
Data and breach information also is being added from law enforcement and CERTs from Malaysia, Denmark and Spain. The data that could have the most impact, however, is from the Industrial Control Systems Cyber Emergency Response Team, the European Cyber Crime Center, Deloitte and several other private firms, according to Wade Baker, creator and principal analyst of the Verizon Data Breach Investigations Report.
[Related: Data Breach Security From A To Z]
"The more information we can study, the more breaches we can pull together and dissect them to figure out who is doing it, what they're attacking, what they're interested in, how companies are responding and the most common failure modes, the better we're going to understand the real picture out there," Baker told reporters at a press conference previewing the report Tuesday.
That data will provide new insight into targeted attacks or so-called Advanced Persistent Threats, which are increasingly being spotted on corporate systems sometimes years after an initial attack takes place, Baker said. The attacks could generate new insight into intellectual property theft, which security experts say is a serious issue. Very little public data is available about these attacks because many companies typically aren't obligated to share breach information after such a sensitive incident.
Baker said the latest study will look at about 46,000 attacks, with 600 of them confirmed data breaches One private company adding to the report is G-C Partners, a Plano, Texas-based forensics investigation firm that works on civil court cases involving large companies and former employees. The data could glean information on insider threats, said David Cowen, partner at G-C Partners.
"It's a different type of threat," Cowen said. "While other people are talking about the threat from nation-states or foreign hackers, we are interested in the employees at information-based competitors that people can actually come back after in civil remedies," Cowen said. "For us it's not only about exposing what we're seeing, but also sharing the research so the facts can be known."
The 2012 Data Breach Investigations Report highlighted the impact hacktivists had on the exposure of data from their attacks. Hackers accounted for only 2 percent of the 850 breaches analyzed by Verizon, but they stole about 100 million records, Verizon said.
Basic security controls -- such as weak and default administrator passwords -- and poorly configured and neglected remote access points were the typical entry points for attackers, the report found. Firms struggling to protect data typically are smaller and lack the technical staff to maintain Internet-facing systems. The 2012 report also found that most organizations learn about a breach when fraud is detected by an outside entity such as law enforcement, a partner or another third party.
PUBLISHED FEB. 27, 2013
