Verizon Breach Report: Attackers Take Only Seconds To Capitalize On A Basic Security Mistake


Web application attacks and cyberespionage were the top two patterns associated with data breaches, according to the Verizon report. Web applications were exploited in nearly 500 confirmed 2013 data breaches Verizon analyzed, highlighting the need for patch management and vulnerability scanning. The use of strong passwords and updating frequently targeted content management systems, such as Drupal, Joomla and WordPress, would have helped prevent many of the breaches and security incidents, Porter said.

Most organizations are not equipped to fully deal with Web application attacks, said Larry Ponemon, founder and chairman of the Ponemon Institute. In a study commissioned by SQL injection protection vendor DB Networks, Ponemon found it took organizations six months to detect an attack that used SQL injection to gain access to data in the underlying Web server. Organizations aren't addressing vulnerabilities and are not adequately protecting against attacks that target them, Ponemon said.

"In general we find that a lot of organizations really underfund and underprioritize certain areas of security, including addressing Web application vulnerabilities," Ponemon said. "The big funding seems to be on the networking side now, but businesses should look at areas that pose the greatest risk."

Verizon's Porter said it is important for businesses to defend against the threats that impact their systems most. Porter referred to the SANS Institute's Top 20 Critical Security Controls, a framework developed by a consortium of U.S. and international agencies. Businesses should identify how their industry is most commonly targeted, Porter said. They should then apply the security best practices outlined in the document, prioritizing measures according to common industry attack patterns, he said.

"Accommodation and retail industries have different controls that need to be put in place than health care does, where data loss is associated commonly with theft of devices," Porter said. "The most important way to prioritize is to look at it vertically."

Cyberespionage attacks that stealthily infiltrate a manufacturer, a government organization or think tank to steal internal corporate data and trade secrets increased significantly from the 2013 Verizon report. The 511 security incidents tripled the number from the 2013 report, partially due to an increase in data submitted by companies that specialize in investigating the activity. Verizon said there were 306 data breaches associated with cyberespionage activity. Attackers tricked employees into opening malicious file attachments or infected their systems using drive-by attack websites to gain an initial foothold into organizations, Verizon said. State-sponsored attacks made up 81 percent of the security incidents, and the Verizon analysis also found incidents associated with organized criminal groups and industry competitors. Attacks are most often attributed as emanating from China, and the U.S. had the most victim organizations, according to the report.

Detection of cyberespionage attacks is difficult, even with the latest network security appliances and endpoint security software designed to detect custom malware used in some attacks, Porter said. Cyberespionage is rising because there is a lot of time and effort being devoted to detecting discrete information associated with the threat, he said.

"There's no fraud algorithm for this type of activity like the financial services industry has," Porter said. "If you are an espionage actor and stealing IP or sensitive documents or reading someone's email, there's no concrete information that can be used to detect malicious activity." 

PUBLISHED APRIL 22, 2014