For 9 straight years now, Verizon has released the Data Breach Investigations Report to give cybersecurity professionals a detailed look into the threat landscape. The report is meant to help security teams keep up with increasingly sophisticated attackers.
Cybersecurity is a game of time today, and the only way to stay ahead of attackers and mitigate the damages of a data breach is to think like your adversaries.
These 16 takeaways from the 2016 Verizon Data Breach Investigations Report will help you understand your attackers to address key vulnerabilities throughout your network.
16 Key Findings from the 2016 Verizon Report
1. Many industry stories discuss the dangers of cyber attacks originating from the inside, but the vast majority of malicious activity still comes from external threats.
2. Of all types of cyber attacks, insider misuse situations are the ones that can take months or years to discover in the network. External threats may occur in greater volumes, but insider misuse can often be much more dangerous.
3. There was a time when espionage seemed to be gaining traction as a motive for cyber attackers, but financial gain is still the overwhelming leader.
4. Although the DBIR covers 9 key attack categories, phishing attacks and point-of-sale (POS) threats have come to the forefront.
5. Employees and user devices are two main assets that are often compromised in cyber attacks due to the phishing schemes and POS attacks that have become prevalent.
6. The large majority of cyber attacks take just minutes to compromise their targets. Exfiltration then takes just days to carry out.
7. The gap between “time to compromise” and “time to discover” closed briefly in 2014. However, the gap is widening again as attackers find more efficient ways to compromise networks and evade cybersecurity tools.
8. 50% of software exploitations occur between 10 and 100 days after the vulnerability has been disclosed by the publisher.
9. The 10 more common vulnerabilities account for 85% of all successful exploit traffic due to automation by attackers. This doesn’t mean security teams can ignore the remaining 15%.
10. 13% of people tested click on malicious phishing links – it only takes 1 to infect your entire network.
11. 63% of successful data breaches leverage weak or default credentials to compromise the network.
12. Attackers are using command and control functions in POS attacks at a much higher rate than years past.
13. RAM scraping is a widespread and well-known technique for POS attacks, but key logging malware is emerging as a popular option for this kind of attack.
14. As opposed to nation-state attacks, retail POS attacks are generally carried out by a single attacker while targeting a wide array of victims. The key is for attackers to compromise vulnerable POS vendors—not misconfigured POS devices as many people believe.
15. Cyber attacks were on the rise in general, but ransomware saw a particularly large jump in frequency as attackers seek newer, more efficient ways to extort money from companies.
16. Personally identifiable information (PII) was the most targeted type of record in 2015. However, payment card information (PCI) saw a much higher median of lost records than either PII or protected health information (PHI)—more than 54,000 per PCI attack compared to less than 1,000 per PII or PHI attack.
How to Beat Today’s Data Breach Status Quo
Companies need a more proactive approach to cybersecurity—a system that shifts the focus from specific types of malware and exploits to attacker behavior itself.
The illusive networks® 3.0 solution with Attacker View™ with Attacker View™ and the Deceptions Everywhere® architecture offers a comprehensive way to get inside the minds of your attackers and address the trends highlighted in Verizon’s DBIR.
Attacker View™ provides comprehensive visibility into the attack paths that exist in your network—an “under the hood” perspective that companies don’t experience with their typical tools. After these attack paths have been identified, you can target the Deceptions Everywhere® architecture more effectively.
This two-fold process creates a custom-fit security policy that can proactively combat data breaches and help you avoid falling victim to the many techniques and attack vectors detailed in Verizon’s report and beyond.
If you want to learn more about how illusive networks can help you better understand increasingly sophisticated attackers, contact us for a live demo of the product.
Recommended Reading for You:
Subscribe to the Proofpoint Blog