
Verizon: The Truth About Data Breaches

F.Y. Teng | Feb. 28, 2013
The global connectivity vendor has mighty interesting insights to share in its 2013 Data Breach Investigations Report.

Verizon Enterprise Solutions, a global provider of connectivity and cloud solutions and services, put out a preview on Thursday (February 27, 2013) of its 2013 Data Breach Investigations Report (DBIR) <http://www.verizonenterprise.com/2013dbir>, in which it shares the following findings.

  • "79 percent of attacks are opportunist", with most attacks being "actually quite unsophisticated and conducted from a distance," often from Eastern Europe.
  • "96 percent of attacks are motivated by financial or personal gain", with "POS systems and customer payment details [as] the most common targets."
  • "22 percent of incidents in larger organisations involved social tactics"; that is, the perpetrators targeted "humans" and breached defences with "phishing and other social engineering attacks."
  • "85 percent of attacks took weeks or more to discover", with the "more" sometimes being months or even years.
  • "97 percent of data breaches could be avoided by simple or intermediary controls", with the "most common exploits used by criminals" being "easy-to-guess passwords."

Verizon executives said on Thursday that the full 2013 DBIR will be released in spring (sometime in April, perhaps), and "will study security events such as distributed denial of service attacks, network intrusion, insider misuse, and attacks against the energy and critical infrastructure sectors."

They also said that this year's report has the input and coverage of 19 security organisations (compared with just six in the 2012 edition): CERT Insider Threat Center (of Carnegie Mellon University); Consortium for Cybersecurity Action; Danish Ministry of Defence, Center for Cybersecurity; Danish National Police, NITES (National IT Investigation Section); Deloitte; Electricity Sector Information Sharing and Analysis Center (ES-ISAC); European Cyber Crime Center (EC3); G-C Partners, LLC; Guardia Civil (Civil Guard of Spain); Industrial Control Systems Cyber Emergency Response Team (ICS-CERT); Malaysia Computer Emergency Response Team (MyCERT); CyberSecurity Malaysia; National Cybersecurity and Communications Integration Center (NCCIC); ThreatSim; the US Computer Emergency Readiness Team (US-CERT); Australian Federal Police; Dutch High Tech Crime Unit (NHTCU); Irish Reporting and Information Security Service (IRISS-CERT); U.S. Secret Service; and the Verizon RISK (Research Investigations Solutions Knowledge) team.

 
