Light Reading

Verizon Offers Industry-Specific Security Advice

Carol Wilson
4/22/2014
50%
50%

Seven years into publishing its annual analysis of data breach information, Verizon is taking a new approach, combining big data analysis with 10 years of data breach records to produce information specific industries can use to make their networks safer. (See Verizon DBIR Focuses Security by Industry.)

The 2014 Data Breach Investigations Report, known as the DBIR, goes beyond what past reports have delivered, says Verizon Enterprise Solutions 's Marc Spitler, senior analyst and DBIR co-author, to give enterprises more information on which they can act. After analyzing 63,000 incidents and 1,600 confirmed data breaches, Verizon determined that 90% of these fall into one of nine incident patterns. (By the way, you can download a copy of the report here.)

"These incidents patterns are analyzed, and they are mapped to particular industries, because we believe that will make it more actionable to those industries," Spitler says. "We think this is the proper evolution of what we are doing because people want more analysis and more advice on what to do."

By focusing on the type of incidents that most often affect their specific industry segment, enterprises can make more efficient use of the information Verizon is providing. That's particularly important because most industries are hit harder by a limited number of attack types, Spitler says.

What Verizon found is that most industries face the greatest threat from only three of the nine data threat patterns. Those patterns are:

  • Crimeware: malware intended to gain control of systems
  • Insider/privilege misuse
  • Physical theft/loss
  • Cyber-espionage
  • Denial-of-service attacks
  • Web app attacks
  • Point-of-sale intrusions
  • Payment card skimmers
  • Miscellaneous errors such as directing email to the wrong person

That's not to say the 2014 DBIR isn't full of its usual juicy tidbits about trends in cybercrime, because it is. For example, cyber-espionage is up, with the number of incidents reported totaling three times what was reported in 2013, although that is due in part to a greater data set. Many data breaches today happen stealthily and can take a long time to identify, leading to greater damage.

For the first time, the Verizon DBIR chose to address DDOS attacks and found these are getting stronger every year. DDOS attacks compromise network resources and can be either a distraction to the real data breach or an intended disruption of business. Financial services, retail, professional, information, and public sector enterprises all count DDOS attacks among their main threats.

The number one way of getting information remains use of stolen or hacked passwords, and DBIR authors say that makes a strong case for two-factor authentication.

Interestingly, retail point-of-sale attacks, which have been in the news of late, are actually on the wane in terms of volume, the DBIR notes.

Verizon issues its annual DBIR in part to highlight its own Verizon Managed Security Services which delivers, among many other things, two-factor authentication capabilities.

— Carol Wilson, Editor-at-Large, Light Reading

(2)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Carol Wilson
50%
50%
Carol Wilson,
User Rank: Blogger
4/22/2014 | 3:22:35 PM
Re: Social Engineering
One of the DBIR's findings this year is that many data breaches go unnoticed for a substantial period of time. 

Certainly that was the case with many of the retail breaches this year, like the Target and Lord&Taylor incidents. Information gathering can be done over a long period of time, which means the impact of the breach is much greater. 

That puts a premium on not only trying to prevent breaches but on identifying them more quickly, which I think depends more on the ongoing analysis and tracking of LAN and WAN activity. 
danielcawrey
50%
50%
danielcawrey,
User Rank: Light Sabre
4/22/2014 | 3:18:32 PM
Social Engineering
Getting stolen or hacked passwords probably comes from phishing attempts. It would seem, in my estimation, one of the easiest ways to procure authentication information. 

Social engineering is a bit different in that oftentimes a user doesn't realize they have been hacked for a long time. This type of intrusion can go unnoticed for a lengthy amount of time, and can reap a treasure trove of information for malicious actors. 
Educational Resources
sponsor supplied content
Educational Resources Archive
Flash Poll
From The Founder
Last week I dropped in on "Hotlanta," Georgia to moderate Light Reading's inaugural DroneComm conference – a unique colloquium investigating the potential for drone communications to disrupt the world's telecom ecosystem. As you will see, it was a day of exploration and epiphany...
LRTV Documentaries
Verizon's Emmons: SDN Key to Cost-Effective Scaling

5|22|15   |   03:53   |   (0) comments


For Verizon and other network operators to ramp up available bandwidth cost effectively, they need to move to SDN and agree on how to do that.
LRTV Documentaries
Lack of Universal SDN a Challenge

5|21|15   |   04:51   |   (3) comments


Heavy Reading Analyst Sterling Perrin talks about how uncertainty about SDN standards and approaches may be slowing deployment.
LRTV Custom TV
Steve Vogelsang Interview: Carrier SDN

5|20|15   |   05:02   |   (0) comments


Sterling Perrin speaks to Steve Vogelsang, Alcatel-Lucent CTO for IP Routing & Transport business, about the new Carrier SDN-enabling Network Services Platform and the operator challenges it solves.
LRTV Custom TV
Carrier SDN: On-Demand Networks for an On-Demand World

5|20|15   |   20:52   |   (0) comments


Steve Vogelsang, Alcatel-Lucent CTO for IP Routing & Transport business, talks about requirements and benefits of Carrier SDN during the keynote address at the Light Reading Carrier SDN event May 2015.
LRTV Documentaries
The Security Challenge of SDN

5|19|15   |   02:52   |   (0) comments


CenturyLink VP James Feger discusses concerns that virtualization could create new vulnerabilities unless network operators build in safeguards.
LRTV Custom TV
NFV Elasticity – Highly Available VNF Scale-Out Architectures for the Mobile Edge

5|18|15   |   5:50   |   (0) comments


Peter Marek and Paul Stevens from Advantech Networks and Communications Group talk about their NFV Elasticity initiative and the company's latest platforms for deploying virtual network functions at the edge of the network. Packetarium XL and the new Versatile Server Module: 'designed to reach parts of the network that other servers cannot reach.'
LRTV Huawei Video Resource Center
Bay Area Spark Meetup 2015

5|14|15   |   3:54   |   (0) comments


Developed in 2009, Apache Spark is a powerful open source processing engine built around speed, ease of use and sophisticated analytics. This spring, Huawei hosted a meetup for Spark developers and data scientists in Santa Clara, California. Light Reading spoke with organizers and attendees about Huawei's code contributions and long-term commitment to Spark.
LRTV Custom TV
The Transport SDN Buzz

5|12|15   |   06:01   |   (1) comment


Sterling Perrin, senior analyst at Heavy Reading, speaks with Peter Ashwood-Smith of Huawei and Guru Parulkar of ON.Lab about the evolution of transport SDN and the integration of technologies.
LRTV Custom TV
Next-Generation CCAP: Cisco cBR-8 Evolved CCAP

5|5|15   |   04:49   |   (0) comments


John Chapman, Cisco's CTO of Cable Access Business Unit and Cisco Fellow, explained the innovation design of Cisco's cBR-8, the industry's first Evolved CCAP, including DOCSIS 3.1 design from ground-up, distributed CCAP with Remote PHY and path to virtualization. Cisco's cBR-8 Evolved CCAP is the platform that will last through the transitions.
LRTV Custom TV
Meeting the Demands of Bandwidth & Service Group Growth

5|1|15   |   5:35   |   (0) comments


Jorge Salinger, Comcast's Vice President of Access Architecture, explains how DOCSIS 3.1 and multi-service CCAP can meet the demands of the bandwidth and service group growth.
LRTV Custom TV
DOCSIS 3.1: Transforming Cable From Hardware-Defined Network to Software-Defined Network

4|29|15   |   03:48   |   (0) comments


John Chapman, Cisco's CTO of Cable Access Business Unit and Cisco Fellow, explains how DOCSIS 3.1 can transform cable HFC network to a more agile software-defined network.
LRTV Huawei Video Resource Center
Predicting Traffic Patterns for Quality Mobile Broadband

4|29|15   |   6:45   |   (0) comments


Accessing information ubiquitously creates complexity and creates heavy traffic onto the network, especially at large-scale events like sporting events or festivals. In this video, Huawei's Mohammad Hussain speaks to experts about how to predict traffic and improve user experience during periods of heavy traffic.
Upcoming Live Events
June 8, 2015, Chicago, IL
June 9, 2015, Chicago, IL
June 9-10, 2015, Chicago, IL
June 10, 2015, Chicago, IL
September 29-30, 2015, The Westin Grand Müchen, Munich, Germany
October 6, 2015, The Westin Peachtree Plaza, Atlanta, GA
October 6, 2015, Westin Peachtree Plaza, Atlanta, GA
All Upcoming Live Events
Infographics
Network functions virtualization (NFV) is not the easiest of topics to take on board, so here's a Light Reading infographic, developed following conversations with the folks at HP, that helps make sense of where NFV is taking the industry.
Hot Topics
10 Alternate Uses for Tablets
Eryn Leavens, Copy Desk Editor, 5/22/2015
Bidding War for TWC Looks Likelier
Alan Breznick, Cable/Video Practice Leader, 5/22/2015
Verizon Saves 60% Swapping Copper for Fiber
Sarah Thomas, Editorial Operations Director, 5/19/2015
Comcast Targets 6 New Gigabit Markets
Mari Silbey, Senior Editor, Cable/Video, 5/21/2015
Chattanooga Charts Killer Gigabit Apps
Mari Silbey, Senior Editor, Cable/Video, 5/20/2015
Like Us on Facebook
Twitter Feed
Webinar Archive
BETWEEN THE CEOs - Executive Interviews
With 200 customers in 60 countries, Stockholm-based Net Insight has carved out a solid leadership position in one of the hottest vertical markets going in comms right now: helping service providers and broadcasters deliver video and other multimedia traffic over IP networks. How has Net Insight managed to achieve this success in the face of immense competition from the industry giants?
My ongoing interview tour of the leading minds of the telecom industry recently took me to Richardson, Texas, where I met with Rod Naphan, CTO and SVP, Solutions, ...
I recently popped down to Texas to chat with CEO Eric L. Pratt about his company, Taqua.
Cats with Phones
Too Fluffy to Talk Click Here
Elmer found that his bountiful fur got in the way of meaningful conversation.