
Verizon Breach Report 2013: What Does It Mean For Your Organization

Each year Verizon releases their Breach Report; it is sort of a state of the union with regard to last year’s breaches.  It is worthy research to help determine the industry trends that could help steer the budgets and focus of IT departments.  This year’s report includes 1,367 Confirmed Data Breaches, and 63,437 Security Incidents.

No one is immune.


According to the report, 92% of all breaches can be categorized in 9 groups.  Here is a summary of things every organization should be doing to keep from being included in next year’s report:

  • Restrict Remote Access
  • Enforce Password Policies
  • Deploy AV
  • Employ Network Monitoring
  • Reconsider Network Topologies and Connectivity
  • Two Factor Authentication
  • AppDevs use the OWASP Top Ten
  • Information Management – Where is your data and who has access?
  • Review User Accounts
  • Encrypt Devices
  • Use mobile device management systems
  • Patch Your Stuff
  • Implement Change Management
  • Maintain Logs
  • Monitor your corporate email addresses for breaches: https://haveibeenpwned.com/

Let’s break down the sections for quick overview of the report:

Point-Of-Sale Intrusions

In 2013 over 99% of POS intrusions were initiated by external parties, but even worse, in 99% of the cases an external party (law enforcement, fraud detection, or a customer) notified the organization of the breach.  This begs the question: is compliance enough?

What can you do?

  • Restrict Remote Access
  • Enforce Password Policies
  • Use POS systems only for POS activities
  • Deploy AV
  • Employ Network Monitoring
  • Reconsider Network Topologies and Connectivity

Web App Attacks

Applications are vulnerable from many fronts.  The attack vector is almost always in the OWASP Top Ten, and developers need to be familiar with each item in the top ten.  60% of compromises occur within minutes of an attack.  Over 85% of attacks are discovered in days, and 50% can take months or longer to discover.  So while discovery is the area that needs the most focus, most organizations, once they discover the attack, respond within days.

What can you do?

  • Two Factor Authentication
  • Strongly Consider your CMS
  • Validate Inputs
  • Enforce Lockouts
  • Monitor Outbound Connections
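One concrete form of "Enforce Lockouts" is a sliding-window policy replayed over an authentication log. This is an added example, not code from the report or the original post; the log lines and the thresholds (5 failures in 5 minutes locks the account for 15 minutes) are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed auth log (not real data). Fields: ISO timestamp, result, user, source IP.
SAMPLE_LOG = """\
2013-08-14T10:00:01 FAIL user=alice src=203.0.113.7
2013-08-14T10:00:09 FAIL user=alice src=203.0.113.7
2013-08-14T10:00:15 FAIL user=alice src=203.0.113.7
2013-08-14T10:00:22 FAIL user=alice src=203.0.113.7
2013-08-14T10:00:30 FAIL user=alice src=203.0.113.7
2013-08-14T10:02:00 OK   user=alice src=198.51.100.4
2013-08-14T10:02:30 OK   user=bob   src=198.51.100.9
2013-08-14T10:20:00 OK   user=alice src=198.51.100.4
"""
LINE_RE = re.compile(r"^(\S+)\s+(FAIL|OK)\s+user=(\S+)\s+src=(\S+)$")

class LockoutPolicy:
    """Sliding-window lockout: max_failures within window_s locks the account for lockout_s."""
    def __init__(self, max_failures=5, window_s=300, lockout_s=900):
        self.max_failures, self.window = max_failures, timedelta(seconds=window_s)
        self.lockout = timedelta(seconds=lockout_s)
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures
        self.locked_until = {}               # user -> datetime the lockout expires

    def attempt(self, ts, user, ok):
        """Return 'locked', 'allow' or 'deny'. A correct password during lockout is still refused."""
        if user in self.locked_until and ts < self.locked_until[user]:
            return "locked"
        if ok:
            self.failures[user].clear()
            return "allow"
        recent = self.failures[user]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:   # forget failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[user] = ts + self.lockout
            recent.clear()
            return "locked"
        return "deny"

def replay(log_text, policy=None):
    """Feed each log line through the policy; return [(timestamp, user, decision), ...]."""
    policy = policy or LockoutPolicy()
    out = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue   # skip lines that do not match the constructed format
        ts = datetime.fromisoformat(m.group(1))
        user, ok = m.group(3), m.group(2) == "OK"
        out.append((m.group(1), user, policy.attempt(ts, user, ok)))
    return out
```

Replaying the sample shows the fifth failure locking alice, her later correct login being refused while the lockout is active, and bob unaffected.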

Insider and Privilege Misuse

Most crimes by trusted parties are perpetrated for personal or financial gain.  In 71% of these incidents the attack began on the corporate LAN, and 28% took advantage of physical access within the corporate facility.  This means that most of these types of attacks take place at work.  72% of these attacks were perpetrated for financial gain, and in 70% of intellectual property theft the person stole information within 30 days of announcing their resignation.

What can you do?

  • Information Management – Where is your data and who has access?
  • Review User Accounts
  • Monitor what data leaves your network
  • Publish Audit Results
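The 30-day statistic above suggests a simple account review: compare file-access activity of users who have given notice against a normal daily baseline. This is an added example, not code from the report or the original post; the resignation dates, access events, baseline of 20 files per day and the 3x threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample data, not figures from the report: date each user announced resignation.
RESIGNATION_NOTICES = {"jdoe": date(2013, 6, 3), "asmith": date(2013, 6, 10)}

def build_sample_events():
    """Constructed file-server access log as (user, day, path) tuples."""
    # jdoe: normal activity before giving notice
    events = [("jdoe", date(2013, 5, 28), f"/share/eng/spec_{i}.docx") for i in range(15)]
    # jdoe: pulls a large set of design files five days after giving notice
    events += [("jdoe", date(2013, 6, 8), f"/share/eng/design_{i}.vsd") for i in range(120)]
    # asmith: modest activity inside the window, nothing unusual
    events += [("asmith", date(2013, 6, 15), f"/share/sales/q2_{i}.xlsx") for i in range(12)]
    # bwong: heavy activity but no resignation notice, so out of scope for this review
    events += [("bwong", date(2013, 6, 8), f"/share/eng/build_{i}.log") for i in range(200)]
    return events

def review_departing_users(events, notices, window_days=30, baseline=20, factor=3):
    """Flag (user, day, distinct_files) where a user who has announced resignation touched
    more than factor * baseline distinct files in one day, within window_days after notice.
    window_days defaults to the 30 days the report associates with pre-departure IP theft;
    baseline is an assumed per-user normal daily file count."""
    files_per_day = defaultdict(set)
    for user, day, path in events:
        notice = notices.get(user)
        if notice is None or not (notice <= day <= notice + timedelta(days=window_days)):
            continue   # no notice on file, or activity outside the review window
        files_per_day[(user, day)].add(path)
    return sorted((user, day, len(paths)) for (user, day), paths in files_per_day.items()
                  if len(paths) > factor * baseline)
```

On the sample data only jdoe's bulk pull on 2013-06-08 is flagged; bwong's heavier activity is ignored because no notice is on file, which is why this check complements rather than replaces general egress monitoring.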

Physical Theft and Loss

Corporate assets are stolen more often than vehicles or residences, and 40% of thefts involve mobile assets.  80% of these thefts allowed a user to gain access through disabled or bypassed controls.

What can you do?

  • Encrypt Devices
  • Encrypt Devices!
  • Use mobile device management systems
  • Segregate Secure Data (logically and physically)
  • Consider preventing secure data from being mobile

Miscellaneous Errors

Almost all data breaches include some element of human error.  Misdelivery (sending paper documents or emails to the wrong recipient) is the most frequently seen error resulting in data disclosure.  According to the report, “government organizations frequently deliver non-public information to the wrong recipient; so much so, in fact, that we had to remove it from [one of our figures] so that you could see the other error varieties.”

What can you do?

  • Implement a DLP Solution
  • Create better publishing policies
  • Control what is trashed and what is shredded

Crimeware

Zeus is still number one in malware attacks.  Statistics in this area are difficult to pin down because of variables such as infected machines simply being wiped rather than having the virus removed and recorded.  Additionally, the partners who report these outbreaks often never learn about them.

What can you do?

  • Patch Your Stuff
  • Keep Browsers up to Date
  • Disable Java in the Browser
  • Use Two-Factor Authentication
  • Implement Change Management
  • Leverage threat feeds

Payment Card Skimmers

100% of incidents involved data disclosure.  Most skimming occurred at ATMs and gas pumps.

What can you do?

Cyber Espionage

According to Verizon, “Strategic website compromises (SWCs) have proven to be an effective tactic of state-affiliated threats to infiltrate the networks of target organizations.”  Over 75% of compromises took advantage of browser-based zero-day vulnerabilities.

What can you do?

  • Patch Your Stuff
  • Make Sure AV is Up to Date
  • Train Users
  • Segment Networks
  • Maintain Logs

DOS Attacks

No data was disclosed as a result of a DoS attack.  The average attack utilized a sustained 10Mbps of bandwidth.  The amount of traffic in the Spamhaus attack ranged from 85-120Gbps. Yikes!

What can you do?

  • Turn off unused ports and services
  • Segregate essential IPs from unused IPs
  • Contact your provider about anti-DDoS services
  • Have a plan in place
  • Know your servers’ limits