Verizon Report Seeks to Debunk 2013 Predictions

December 19, 2012

After a record-low of four million in the 2011 Verizon Data Breach Investigations Report, the number of compromised records skyrocketed back up to 174 million in this year's report – which puts 2011 in second-place for the highest data loss since the report began in 2004.

The most likely threats involve authentication attacks and failures, continued espionage and “hacktivism” attacks, Web application exploits and social engineering, the report states.

The report notes that outsiders are still dominating the scene (98 percent) of corporate data theft, but activist groups created a fair share of mayhem in 2011 as well – they stole more data than any other group (58 percent). Insider incidents declined again to a comparatively scant 4 percent, down 13 percent from 2010.

In a big leap up, 81 percent of breaches utilized some form of hacking (a 31 percent increase), and 69 percent incorporated malware (20 percent increase). According to the report, many attacks circumvent authentication by combining stolen or guessed credentials (to gain access) with backdoors (to keep access). However, there were fewer ATM and gas pump skimming cases this year, which lowered the ratio of physical attacks 19 percentage points – now only 10 percent of breaches involved a physical attack.

Findings continue to show that target selection is based more on opportunity than choice – most victims fell prey because they were found to possess an exploitable weakness rather than because they were specifically targeted.

79 percent were targets of opportunity (-4%)
96 percent of attacks were not highly difficult (+4%)
94 percent of all data compromised involved servers (+18%)
85 percent of breaches took weeks or more to discover (+6%)
92 percent of incidents were discovered by a third party (+6%)
97 percent of breaches were avoidable through simple or intermediate controls (+1%)
96 percent of victims subject to PCI DSS had not achieved compliance (+7%)

The report also notes suggestions to mitigate data risks.

Smaller organizations

Implement a firewall or ACL on remote access services
Change default credentials of POS systems and other Internet-facing devices
If a third-party vendor is handling the two items above, make sure they’ve actually done them

Larger organizations

Eliminate unnecessary data; keep tabs on what’s left
Ensure essential controls are being met; verify regularly
Monitor and mine event logs
Evaluate your threat landscape to prioritize your treatment strategy

You can read or download the full report here.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Verizon Report Seeks to Debunk 2013 Predictions

Related Articles

Related Products

Report Abusive Comment