Verizon Report: Top 9 Causes Of Data Breaches
Threats In All Shapes And Sizes
In the 2015 annual Verizon Data Breach Report, researchers ranked the top causes of both confirmed data breaches and incidents overall, reducing hundreds of thousands of attacks to nine key categories that account for 96 percent of all breaches. By looking at these categories and preparing for them, the report said, companies can actively fight back against common sources of breaches to protect their organizations down the road.
"It suggests that, while the threats against us may seem innumerable, infinitely varied, and ever-changing, the reality is they aren't. This certainly doesn't diminish the significant challenges faced by defenders, but it does imply a threat space that is finite, understandable, and at least somewhat measurable," the report said.
Take a look.
9. Denial Of Service
Denial-of-service attacks accounted for only 0.1 percent of confirmed data breaches, and 3.9 percent of total incidents. The attacks were primarily activist attacks, the report found, accounting for 31 percent of all activist attacks during the year. While DDoS attacks accounted for only a small percentage of overall attacks, the Verizon report said there was a dramatic increase over the year before, with twice the number of incidents reported by partners. To fight back against this growing threat, the report recommended securing services by patching and blocking botnet C2 servers, as well as conducting regular security drills to find weak spots.
8. Payment Card Skimmers
Payment card skimmers accounted for 3.1 percent of confirmed breaches and 0.1 percent of total incidents. Similar to previous years, the attacks primarily affected the retail and financial services industries. While detection times are improving, the report said attackers also are becoming more innovative, embracing technologies such as Bluetooth and mobile devices to connect to pinhole cameras and remote cameras and to collect remote stripe data. The report said the October 2015 deadline for updating to chip-and-PIN systems should help, but poor implementations will still be vulnerable.
7. Physical Theft/Loss
Physical theft and loss accounted for 3.3 percent of confirmed breaches and 15.3 percent of overall incidents. The thefts appeared to be mostly opportunistic, the report said, and were seen across the board, though health care and public sector were particularly affected. Most of the theft and loss happened within the work area, with 55 percent of incidents reported there, followed by 22 percent in employee-owned vehicles. Tactics to prevent this sort of attack, and the security problems it can create, have remained the same, the report said, including tracking procurement, making it easy to report incidents and encrypting devices.
6. Miscellaneous Errors
Miscellaneous errors accounted for 8.1 percent of confirmed breaches and 29.4 percent of total incidents, the highest percentage of any category. Most miscellaneous errors, upward of 60 percent, were caused internally. Of those, 30 percent was sensitive information sent to incorrect recipients, 17 percent was publishing nonpublic data to public web servers, and 12 percent was insecure disposal of personal and medical data. To help cut back on miscellaneous errors, the report recommended figuring out the root of such errors and remedying the problem at its source.
5. Web App Attacks
Web app attacks accounted for 9.4 percent of confirmed breaches and 4.1 percent of incidents overall, driven by a motive for financial gain, the report said. Two-thirds of those attacks were secondary attacks, meaning they were designed to get access to some other primary data, and nearly every attack, 98 percent, was opportunistic. Some top web app attacks included use of stolen credit cards, 50.7 percent; use of back door or C2, 40.5 percent; and SQLi, 19 percent. To fight back against web app attacks, the report recommended tracking user behavior, keeping logs and an inventory, patching the web inventory and strengthening authentication.
4. Insider Misuse
Insider misuse accounted for 10.6 percent of confirmed breaches and 20.6 percent of total incidents, the third-highest percentage. Across all industries, the majority of insider misuse was privilege abuse, with 55 percent of incidents, driven by financial incentives and convenience. The main culprits of insider misuse, in order of percentage, included end users, cashiers, finance and executives. The challenge with insider threats is that they can be hard to catch, the report said, with most discovered after the offender had left the company.
3. Cyberespionage
Of confirmed breaches, 18 percent were caused by cyberespionage, which accounted for 0.8 percent of total incidents. The attacks were targeted primarily at the manufacturing, public-sector and professional industries, looking to gain secrets, credentials, internal and systems data. However, of the 548 total incidents, only one-third had attacker attribution. The breaches were primarily carried out using email attachments, email links and web drive-by. In order to prevent cyberespionage attacks, the report recommended collecting data, including email transaction logs, attachment records and links in emails. While that likely won't stop a determined state-sponsored attack, the report said these steps could help defend the organization against its repercussions.
2. Crimeware
Second highest on the list of data breach causes is Crimeware, representing malware attacks that were not point-of-sale or cyberespionage, which accounted for 18.8 percent of confirmed breaches and 25.1 percent of total incidents. The vast majority of these attacks were C2, accounting for 84.4 percent, though a significant portion was also DoS, back-door and spyware/keylogger attacks. Like many of the other attacks, the report said Crimeware is primarily driven by financial or opportunistic motives. To fight back against these breaches, the report recommended capturing and tracking malware incidents in an attempt to quantify the attacks.
1. POS Intrusions
Ranking No. 1 on the list is point-of-sale intrusions, which accounted for 28.5 percent of confirmed data breaches and 0.7 percent of total incidents. The trend, kicked off in full force at the end of 2013, continued throughout 2014 with both mega breaches and breaches of small companies on the rise.
"Attacks on POS systems are not new, and they are relevant to organizations big and small that are swiping cards to collect revenue. The attack methods are becoming more varied, even against small businesses. This is an indication that the threat actors are able to adapt, when necessary, to satisfy their motives (and greed will not be trending down any time soon)," the report said.