Knowing the enemy and the tactics they use is key when it comes to defending your network and data from attacks.
In 2014, the Annual Verizon Data Breach Investigation Report identified nine attack patterns of a data breach. Released earlier this month, the 2017 DBIR shows that since 2014, 88% of data breaches fall into those same nine patterns. Understanding these patterns can help you identify your security weak spots and take the necessary steps to prevent becoming a victim of a data breach:
Crimeware: Instances involving malware that did not fit into a more specific pattern. In the 2014 report, ransomware was the 22nd most common form of malware. This year, it is number five, as well as the most common in the Crimeware pattern.
Cyber-espionage: Attacks with the motive of espionage and/or linked to state-affiliated actors. Malicious emails are often used to quickly steal user information and passwords, but in case of cyber-espionage the initial email is followed by tactics to remain undetected while the desired information is gathered.
Insider and Privilege Misuse: Any unapproved or malicious use of organizational resources. In 60% of cases, insiders steal data in the hopes of selling it in the future. Other misuse includes unsanctioned snooping (17%) and taking data to a new employer/start a rival company (15)%).
Miscellaneous Errors: Unintentional actions that directly compromised the security of company data. Data loss through errors may seem innocuous, but these errors can be harmful – especially when it’s a customer who makes you aware of the slip-up (76%).
Physical Theft and Loss: Any incident where physical assets went missing—deliberately or accidentally. Measures such as encryption can stop theft and loss incidents from becoming breaches. But encryption can’t always help –the majority of confirmed breaches involved the loss of hardcopy documents.
Denial of Service: Any attack intended to compromise networks and system availability. The majority of DDoS attacks (98%) are aimed at large organizations. While most attacks are over within a couple of days, there are some unlucky entities that are attacked constantly. Connected IoT devices have been used in DDoS attacks.
Web Application Attacks: Any incident which uses a web-based application as the means of attack. Not all websites hold payment card data, but they still often request users to sign up: submitting their names, addresses and other information. Attackers use these attacks to grab personal data and credentials to use elsewhere.
Point of Sale Intrusions: Remote attacks against Point-of-Sale (POS) terminals and controllers. Nearly 98% of all recorded POS attacks resulting in a confirmed data breach. The focus of attacks has shifted from hotel chains to restaurants and small businesses.
Payment Card Skimmers: All incidents where a skimming device was placed on a payment card reader. ATMs continue to be the main target for skimming, the number of gas pump terminals used to harvest payment card information more than tripled compared to last year’s report.
The Verizon Data Breach report also contains a “catch-all category”, labeled everything else, but that doesn’t mean there aren’t interesting and important trends. A key emerging tactic is email compromises: where “the CEO” orders wire transfers with an urgent and believable back story.
When you consider six of the nine patters (and the majority of the “catch-all” category) are targeting your end users, it’s easy to see how 95% of data breaches are a result of end user actions.
Educating your staff is key to any effective network security strategy – and in an effort to help our clients protect their networks and the data they contain, we are excited to offer our new breach protection platform PII Protect.
This service takes our end user training to the next level and includes:
Online Security Training – convenient and engaging, this training is designed to help your employees identify the latest threats.
Simulated Phishing Attacks – discover which of your employees are falling for phishing emails.
Unlimited Dark Web Scans – so you’ll know how many of your email address and passwords are for sale on the Dark Web.
Security Risk Assessment – to help you identify weak spots and minimize the risk of a data breach.
Online Security Portal – provides access to written policies, training reports and other vital information.
Pivotal IT is here to help you implement a cybersecurity strategy customized for your business needs- contact us today!