Verizon Breach Report: Attackers Take Only Seconds To Capitalize On A Basic Security Mistake


Weak and stolen passwords, poorly configured systems and error-riddled applications are at the core of nearly every data breach and security incident, according to the 2014 Verizon Data Breach Investigations Report, the security industry's annual analysis of data breaches, released Tuesday.

Attackers often exploit basic security missteps in seconds, found the report, which has become the security industry's go-to document for identifying popular hacking techniques and common lapses in data protection strategies.

Verizon analyzed more than 1,300 confirmed data breaches that took place in 2013. Two out of three breaches involved the use of weak or stolen account credentials, prompting the need for the adoption of two-factor authentication, said Christopher Porter, a managing principal at Verizon.

[Related: Verizon 2014 Data Breach Report: The Bad Guys Are Winning]

"Criminals have lists of default passwords and stolen credentials, and when that doesn't work they're brute-forcing their way in," Porter told CRN. "Two-factor authentication could go a long way to making it difficult for criminals to move anywhere once they gain access to a corporate network."

The Verizon analysis found that businesses are getting better at proactive network monitoring and at reviewing system logs to detect threats, but cybercriminals are getting more efficient at compromising systems, according to Porter. Internal discoveries are steadily increasing, but law enforcement is still typically the bearer of breach news, he said.  

Businesses do a poor job of monitoring systems to detect attacks because it is expensive, there aren't enough skilled IT professionals to do the job, and spotting potential problems from thousands of events is difficult, said Arthur Hedge, CEO of Morristown, N.J.-based managed security service provider Castle Ventures, which reviews system logs and provides network monitoring services. Organizations need to do a better job of integrating IT operations with security to reduce false positives and make monitoring a more efficient practice, Hedge said.

"There are lots of alarms, security events and infrastructure failures due to misconfigured servers or application errors," Hedge said. "IT infrastructure operations and security need to have a process to communicate so that those annoyances can get fixed immediately because they mask the security incidents that the security team needs to investigate."

NEXT: Businesses Struggle To Prioritize Risk