5/26/2016

DE Reviews: Verizon Security Breach Report

Every year, Verizon partners with companies to in order to provide and publish security information to the public. This Security Breach Report includes the number of security breaches, the types of attaches, as well as successful attacks. Although this information may not be 100% accurate, as some of the industries are not obligated to report their internal information or they do not record this information, however the trend is extremely interesting.

I would like to outline a few things. Number one, the largest target for these attacks are financial institutions and the government, with the finance industry as the most attacked. Second to these industries would be social media, entertainment industry, and retail stores.

The three biggest factors are hacking, sending malware to infect computers and then social. Compared to these three, everything else is relatively small. Another point of interest is the amount of attacks on physical servers and infrastructure are going down. Which essentially means that IT groups are making great efforts to defend from frontal attacks. Additionally, what is on the rise is attacks on personal devices.  The idea is that “I want to attack your droid or your iPhone or your iPad and then when you take this iPad to your office and connect to the office, this iPad will affect systems from within then spread and steal data”.

Another item that we want to highlight is that the infiltration or breaching affecting these local systems happened in hours or even in minutes, but identifying and remediating the problem can take days. So although it might be hard for hackers to get in, once they are there they can get their work done very quickly. While we as IT groups protect very well, as soon as we miss something, it will take a very long time to identify, heal, and recover from the bullet that we just got through our armor.  I believe that over the next few years, that this will be a very hot subject, which will help focus on identifying if something went through and hopefully causing the remediation process to become much faster.

In addition, this report still shows that some vulnerabilities are still exploitable. Vulnerabilities from 2005 are still exploitable and still exist on the internet. So what hackers are doing is arming and preparing ammo for those vulnerabilities, just “preying” through the internet looking for a fish. So, when IT departments implement strong patching policies, they can successfully prevent successful security breaches.

We also took two pieces of data that the report compiled that provided our own analysis on the amount of attacks reported by the industry and reported successful attacks. That percentage would show the type of the industry that was attacked (it's not an accurate  number because the samples are very different – for example financial companies are much more often attacked, then let's say construction or agriculture,) but still this gives us a way to assess how industries are protected, so we were very surprised that more than 50% of attacks on the financial industry were successful and this more or less is a concrete number because financial industries are mandated to report security attacks and especially successful security breaches. So still very high. And the leading divorce of readiness is shown by the retail industry, where 86% of attacks are successful, perhaps this is because not all attacks are reported. For example, the retail industry is not obligated to report all attacks, but still the numbers are very high, which is probably due to the small size of the companies, because these small shops can just throw together any small website using any local small blender or go on Amazon where attacks through them are much easier because these small retails don't have the same amount of protection that a big financial institution would deploy.  

Below is a chart compiling the analysis of reported attacks and successful attacks by industry, as previously referenced.  

Industry

Number of Attempted Attacks

Number of Successful Attacks

Percentage of Successful Attacks

Accommodation

362

282

77.9%

Administrative

44

18

40.91%

Agriculture

4

1

25%

Construction

9

4

44.44%

Educational

254

29

11.41%

Entertainment

2,707

38

1.40%

Finance

1,368

795

58.11%

Healthcare

166

115

69.28%

Information

1,028

194

18.87%

Management

1

0

0%

Manufacturing

171

37

21.64%

Mining

11

7

63.64%

Other Services

17

11

64.71%

Professional

916

53

5.79%

Public

47,237

193

0.41%

Real State

11

5

45.45%

Retail

159

137

86.16%

Trade

15

4

26.67%

Transportation

31

15

48.39%

Utilities

24

7

29.17%

Unknown

9,453

270

2.82%

 

Conclusion

We feel that the concentration of IT departments should be focused on hardening the mechanisms of protection from intruders, but additionally, they should be working on collecting data to speed up the identification of a breach process and the remediation of the breach. In this area, many industries have a long way to go to be able to defend themselves, where the industry would be okay if only 10% or 20% attacks would go through, but not 80% of the attacks.

So what is the key knowledge of defending ourselves from the hackers? There are 3 factors that IT professionals should be concentrating on at this time:

  1. Visibility. With the tools such as Big Data, more information can be collected and be available for alerting, in addition to analysis.
  2. Security Intelligence. The security information collected with big data tools should be aggregated and enriched by Structured Threat Information through STIX/TAXII mechanisms for alerting, automatic decision making, as well as future analysis.  
  3. Analysis. Security Event and Incident Management Systems should allow CIRT (computer incident report team) to analyze incidents quickly.

We suggest that everyone reads the full report. The link can be found through Digital Edge’s website.

Verizon is doing an excellent job collecting these statistics and compiling the data to help keep all of us informed.

Please stay safe everyone!

 

 

Was this article helpful?
Vlad Vaulin
Manager, Advanced Support Implementations Group

Vlad Vaulin joined the Digital Edge Team in 2008 as a Systems Administrator, bringing with him, top-tier knowledge in Technical Management, Technical Understanding, Analyzing Information, Knowledge Transfer, Delegation, Problem Solving, Data Center Management, Coordination, Strategic Planning, and Quality Management. Since 2011, Vlad has expertly lead his team as an Implementation Manager, driving overall effectiveness and efficiency by defining, delivering, and supporting strategic plans for implementing information technologies. Additionally, Vlad is a Certified VMware Professional 5 – Data Center Virtualization, since February 2013.

LET'S TALK: 800-714-5143