Chief Technology Officer/CISO
Verizon’s 2019 Data Breach Investigations Report (DBIR) was published last week and continues to be one of the most valuable annual “state of the union” reports in security. This year’s report is the most extensive to date, with 73 contributors and an analysis of 41,686 security incidents including 2,013 confirmed breaches. At DataEndure, we use the insight from this report to validate what we are seeing in the market, and to help us anticipate where our services and investments might need to adapt.
Show me the Money!
One interesting narrative from this year – and one we talk to our clients about frequently – is that everything changes, yet nothing changes. To quote Alex Pinto, Verizon’s head of security research, “the more things change, the more they stay the same…The hackers still hack servers and still deliver phishing emails; but they move to the easier targets with greater returns.”
Translation: we will continue to see specific targets and attack locations change, but ultimately the tactics used by the criminals remain the same. Where and when they see a strength developed against one style of attack, they will adapt and look for the next path of least resistance. “It’s the game of security,” said Pinto. “We make something harder, so the criminals switch to the next easiest thing that will keep their money flowing.” The way cyberattackers infect the network is constantly changing, and it has proven successful for the bad guys.
To further support this, the research shows an increasing phishing focus on senior management – the most direct path to the money. Executives are six times more likely to be a target of social engineering than they were only a year ago, and C-level executives are 12 times more likely to be the target. Among our customer environments, we are seeing attacks so sophisticated that even the most diligent employees can be deceived.
Think It’s Not About You? Think Again
The 2019 report found that small businesses made up 43% of breaches – a dire warning to avoid the assumption that they are “too small to be targeted” or that they can’t afford to put security procedures in place. Like it or not, every organization is potentially vulnerable and should take steps to protect their employees and their data.
To misquote the song: Time <is not> On Your Side
A trend that, unfortunately, continues: more than half of all organizations are taking months or longer to discover breaches – a “dwell time” average that improves the chances of adversaries making off with key intellectual property or credentials, or siphoning funds. “The time from the attacker’s first action in an event chain to the initial compromise of an asset is typically measured in minutes. Conversely, the time to discovery is more likely to be months,” according to the report.
Other Report Highlights
- Financially motivated attacks continue to dominate the security landscape, comprising about 70 percent of attacks.
- Mobile users are more vulnerable than desktop users.
- As services (and valuable/sensitive data) move to the cloud, attackers are following.
- Compromises of cloud-based servers using stolen credentials have increased as more target data resides on those servers.
- HR is less of a target than in prior years.
- Nation state-affiliated incidents and breaches are on the rise.
- Email is still the main delivery vector for malware in almost every industry demographic.
- Office docs are still the most common file vector. However, this is much more industry-specific.
- Attack vectors when breaching servers versus desktop environments vary both by device type and function.
- Server hacks tend to use stolen credentials and tend to focus on mail servers.
- Desktop attacks are more likely to use social engineering + malware.
Cybercrime is not going away; and whether you like it or not, your organization is in the “data security” business. Developing the right mix of people, process and technologies, whether in-house or through managed security services, will be critical to your organization’s ability to “survive and thrive” in this dynamic landscape.
- Don’t underestimate the importance of timely detection and response: reducing the time an attacker spends inside your organization can mean the difference between lost productivity, revenue and data on the one hand and a catastrophic data breach on the other.
- Have access to, and awareness of, the known adversarial behaviors and patterns attackers employ when compromising networks. “With data now on over 375,000 incidents and over 17,000 data breaches, the numbers reveal that 98.5% of security incidents and 88% of data breaches continue to find a home within one of the original nine patterns.” – Verizon 2019 DBIR
- Understand how credentials are normally used and be able to monitor and escalate when they are being used in an anomalous fashion.
- Knowledge is power: develop a continuing education plan that brings your employees into your defense plan by giving them the knowledge they need to identify and report suspect activity.