The 2016 Verizon DBIR is an all-encompassing look at a year’s worth of cyber-related attacks. The most compelling statistic from the 2016 report states that in 93% of cases it took an attacker only minutes to compromise systems and networks, but weeks or months for the affected company to even realize that an incident had occurred. What does this say about our detection and mitigation strategies as an industry? What we do know is that attackers typically exploit the easiest routes to breach a system: weak passwords, open shares, unpatched systems, and inadequate user training.
The 2016 Verizon DBIR also details the spread of a most malicious form of malware, ransomware. Ransomware can encrypt over 70 types of files. Apple devices have often been considered generally immune to malware, but Palo Alto Networks recently reported that ransomware had been discovered on OS X systems. Once encrypted, the targeted files can only be recovered with a key provided by the hackers. Paying the ransom is risky: the hackers demand payment upfront, but who will force them to deliver the key needed to decrypt the files?
The report also sheds light on the fact that most organizations are ill-prepared to detect, remediate, or protect against attacks. However, technology exists to solve the problems, and hiring properly educated people who follow well-defined processes is essential to securing sensitive data. It appears that breaches continue to happen because security is not typically viewed as a revenue-generating function for an organization. Many companies feel falsely secure in their obscurity and consider themselves “safe” because they have not been breached, protected by whatever security controls they have in place. What these companies need to remember is that the question is not if a breach will occur, but when.
A perfect example of this is the recent, highly publicized breach known in the media as “The Panama Papers”. Mossack Fonseca was breached and the debate will continue for some time as to whether the attack was an inside job or one orchestrated from the outside. Approximately 2.6 terabytes of data and 11.5 million documents were leaked in this breach, which are staggering figures. It has been estimated that it will take several years to go through all of the information that was made public. Mossack Fonseca is now yet another name added to the growing list of breached companies around the world.
The 2016 Verizon Data Breach Investigations Report is far from optimistic, but it is realistic. Considering the year-over-year increase in the number of breaches, the established and reliable methods attackers are using to gain entry, and the financial rewards attackers may enjoy when successful, organizations need to work ever harder to defend themselves.
Brad Bussie is an award-winning, fifteen-year veteran of the information security industry. He holds an undergraduate degree in information systems security and an MBA in technology management. Brad possesses premier certifications from multiple vendors, including the CISSP from ISC2. He has a deep background architecting solutions for identity management, governance, recovery, migration, audit, and compliance. Brad has spoken at industry events around the globe and has helped commercial, federal, intelligence, and DoD customers solve complex security issues.