Data Breach Review - Takeaways for the Business

Verizon's 2012 Data Breach Investigations Report covering the year 2011 gives a very thorough statistical analysis of the global security state. According to the study, there have been 855 breaches worldwide in 2011, involving more than 174 million compromised records. What can businesses learn from the report? Take a look at the report's highlights:

Legend
AO = All Organizations
SO = Small Organizations (1-1000 Employees)
LO = Larger Organizations (1000+ Employees)

The Targets

[Chart: Breaches by Industry. AO categories: Accommodation & Food Services, Retail Trade, Finance and Insurance, Health Care and Social Assistance, Information, Other. LO categories: Finance and Insurance, Information, Retail Trade, Manufacturing, Public Administration, Transportation and Warehousing, Other.]

Breaches by Target Size (number of employees: number of breaches)
1 to 10: 42
11 to 100: 570
101 to 1000: 48
1001 to 10,000: 27
10,001 to 100,000: 23
Over 100,000: 10
Unknown: 135
Total: 855 breaches

Countries Affected: 36 (2011), 22 (2010)

The Attackers

[Chart: Top 2 Motives, AO and LO: Financial or Personal Gain; Protest or Disagreement.]

Top 3 Origins of External Attacks
AO: Europe-East* 67%, Americas-North 20%, Europe-West 4%
LO: Americas-North 44%, Europe-West 27%, Europe-East* 27%
*Incl. Russia and Turkey

Organized Cybercriminals vs. Activist Groups

Professional cybercriminals were responsible for most of the data breaches in 2011 (83% of breaches). They focused on opportunistic attacks on a multitude of smaller targets, which presented a lower risk to them. Activist groups accounted for a relatively small proportion of the attacks (2% of breaches) but they stole a considerable amount of records - over 100 million (58% of records lost). Almost all data stolen by activist groups were taken from larger organizations, so that they could draw more attention and publicity to their attacks.

[Charts: Comparison by Percent of Breaches; Comparison by Percent of Records Lost. Professional Cybercriminals vs. Activist Groups, AO and LO.]

Characteristics of the Breaches

[Charts: Attack Difficulty (difficulty level of the initial attack); Types of Attacks (Opportunistic Attacks, Targeted Attacks, Unknown), AO and LO.]

Timespan

The vast majority of incidents (85%) were caused by attackers who were able to compromise the victim very quickly (minutes or faster). This result is primarily due to the many automated, quick attacks against smaller businesses.

Most Used Methods for Infiltration

No. 1 - Hacking
Hacking was the leading method for infiltration, used in external threats for 2011 - it occurred in 81% of the breaches. A whole 61% of all breaches featured a combination of hacking techniques and malware. The most used hacking method was exploitation of default or guessable credentials.

No. 2 - Malware
Malware factored in over two-thirds of the 2011 caseload and 95% of all stolen data. The most common malware infection vector was installation or injection by a remote attacker.

No. 3 - Social Engineering
Social engineering was used in 7% of the breaches. Pretexting (classic social engineering) was the most used form of social engineering.

[Chart: Data Taken, All Organizations and Larger Organizations. Categories: Payment card numbers/data, Authentication credentials, Personal information, Sensitive organizational data, Bank account numbers/data, System information, Copyrighted/Trademarked material, Trade secrets, Classified information, Medical records, Unknown.]

The Breach Discovery

[Chart: Most Common Breach Discovery Methods, AO and LO. Categories: Notified by law enforcement, Third-party fraud detection, Brag or blackmail by perpetrator, Log analysis and/or review process, Reported by customer/partner affected by the incident, Witnessed and/or reported by employee.]

Countermeasures

Small Businesses
- Implement a firewall or ACL on remote access services
- Change default credentials of POS systems and other Internet-facing devices
- If a third party vendor is handling the two items above, make sure they've actually done them

Larger Businesses
- Eliminate unnecessary data
- Ensure essential controls are met and regularly check that they remain so
- Monitor and mine event logs
- Evaluate your threat landscape to prioritize your treatment strategy

[Chart: Cost of Recommended Countermeasures. Categories: Simple and cheap, Intermediate, Difficult and Expensive, Unknown.]

Praetorian Guard - Network Management, Network Monitoring, and User Monitoring Software
Source: 2012 Data Breach Investigations Report

shared by praetorianguard on Jan 14
Isis Holdings

