& cplSiteName &

Verizon Offers Industry-Specific Security Advice

Carol Wilson
4/22/2014
50%
50%

Seven years into publishing its annual analysis of data breach information, Verizon is taking a new approach, combining big data analysis with 10 years of data breach records to produce information specific industries can use to make their networks safer. (See Verizon DBIR Focuses Security by Industry.)

The 2014 Data Breach Investigations Report, known as the DBIR, goes beyond what past reports have delivered, says Verizon Enterprise Solutions 's Marc Spitler, senior analyst and DBIR co-author, to give enterprises more information on which they can act. After analyzing 63,000 incidents and 1,600 confirmed data breaches, Verizon determined that 90% of these fall into one of nine incident patterns. (By the way, you can download a copy of the report here.)

"These incidents patterns are analyzed, and they are mapped to particular industries, because we believe that will make it more actionable to those industries," Spitler says. "We think this is the proper evolution of what we are doing because people want more analysis and more advice on what to do."

By focusing on the type of incidents that most often affect their specific industry segment, enterprises can make more efficient use of the information Verizon is providing. That's particularly important because most industries are hit harder by a limited number of attack types, Spitler says.

What Verizon found is that most industries face the greatest threat from only three of the nine data threat patterns. Those patterns are:

  • Crimeware: malware intended to gain control of systems
  • Insider/privilege misuse
  • Physical theft/loss
  • Cyber-espionage
  • Denial-of-service attacks
  • Web app attacks
  • Point-of-sale intrusions
  • Payment card skimmers
  • Miscellaneous errors such as directing email to the wrong person

That's not to say the 2014 DBIR isn't full of its usual juicy tidbits about trends in cybercrime, because it is. For example, cyber-espionage is up, with the number of incidents reported totaling three times what was reported in 2013, although that is due in part to a greater data set. Many data breaches today happen stealthily and can take a long time to identify, leading to greater damage.

For the first time, the Verizon DBIR chose to address DDOS attacks and found these are getting stronger every year. DDOS attacks compromise network resources and can be either a distraction to the real data breach or an intended disruption of business. Financial services, retail, professional, information, and public sector enterprises all count DDOS attacks among their main threats.

The number one way of getting information remains use of stolen or hacked passwords, and DBIR authors say that makes a strong case for two-factor authentication.

Interestingly, retail point-of-sale attacks, which have been in the news of late, are actually on the wane in terms of volume, the DBIR notes.

Verizon issues its annual DBIR in part to highlight its own Verizon Managed Security Services which delivers, among many other things, two-factor authentication capabilities.

— Carol Wilson, Editor-at-Large, Light Reading

(2)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Carol Wilson
50%
50%
Carol Wilson,
User Rank: Blogger
4/22/2014 | 3:22:35 PM
Re: Social Engineering
One of the DBIR's findings this year is that many data breaches go unnoticed for a substantial period of time. 

Certainly that was the case with many of the retail breaches this year, like the Target and Lord&Taylor incidents. Information gathering can be done over a long period of time, which means the impact of the breach is much greater. 

That puts a premium on not only trying to prevent breaches but on identifying them more quickly, which I think depends more on the ongoing analysis and tracking of LAN and WAN activity. 
danielcawrey
50%
50%
danielcawrey,
User Rank: Light Sabre
4/22/2014 | 3:18:32 PM
Social Engineering
Getting stolen or hacked passwords probably comes from phishing attempts. It would seem, in my estimation, one of the easiest ways to procure authentication information. 

Social engineering is a bit different in that oftentimes a user doesn't realize they have been hacked for a long time. This type of intrusion can go unnoticed for a lengthy amount of time, and can reap a treasure trove of information for malicious actors. 
From The Founder
Download our complete guide to de-risking NFV deployment in 2016, including:
  • An eight-step strategy to deploying NFV safely, based on input from the companies that have already started virtualizing their production networks.
  • Interviews with leading executives at Colt, AT&T, Deutsche Telekom, Cisco, Nokia, ZTE, Ericsson and Heavy Reading.
  • Flash Poll
    Live Streaming Video
    Prepping for the Future: Upskill U Explained
    During this short kick-off video, Doug Webster, Vice President of Service Provider Marketing, Cisco, and Light Reading’s CEO & Founder Steve Saunders give an overview of Upskill U.
    Telecom Innovators Video Showcase
    Atrinet's NetACE – Migration to NFV & SDN With NetOps-Driven LSO

    5|4|16   |     |   (0) comments


    At Atrinet's headquarters, Ray Le Maistre sits down with Roy Silon to get an in-depth look into the company's focus and the secret recipe for their success.
    LRTV Huawei Video Resource Center
    Amsterdam ArenA, Powered by Huawei

    5|4|16   |     |   (0) comments


    Huawei's ICT solutions power the state-of-the-art Amsterdam ArenA, turning it into a smart stadium.
    LRTV Interviews
    Testing When There's No 'There' There

    5|4|16   |     |   (0) comments


    The benefits of SDN/NFV are well known, but the transition comes with some challenges, prominent among them is: how do you test a network that has been abstracted and has the potential to be endlessly reconfigurable? Light Reading was at NFV World Congress in Santa Clara, Calif., where we bumped into Mats Nordlund, CEO and co-founder of Netrounds, a Swedish ...
    LRTV Interviews
    Ditching the Slash & the Orchestration Wars

    5|3|16   |     |   (2) comments


    SDN and NFV have been inextricably bound with each other for so long that on a conceptual level, smooshing them together into one catch-all phrase – SDNFV – is now justifiable, according to Dan Pitt, executive director of the Open Networking Foundation (ONF). Light Reading spoke to Pitt at the NFV World Congress, where he explained that the next ...
    LRTV Custom TV
    ZTE TV Connect Highlights

    5|3|16   |     |   (0) comments


    ZTE gives us a tour of its booth and new products at TV Connect in London.
    LRTV Custom TV
    Deluxe's Unified Delivery Solution

    5|3|16   |     |   (0) comments


    Join Alan Breznick of Light Reading and visit the Deluxe booth at NAB! Here you'll find Deluxe's Unified Delivery Solution, OTT video, virtual reality, HDR, 4K and much more!
    LRTV Interviews
    Verizon Puts Gray Boxes in the Shade

    5|2|16   |   04:33   |   (1) comment


    When it comes to the white box trend, "gray" boxes, which have a slight proprietary twist, don't give service providers and end users the advantages they're seeking, according to Verizon's Vice President of Product and New Business Innovation Shawn Hakl.
    LRTV Custom TV
    Dealing With a Disrupted Video Market

    5|2|16   |     |   (0) comments


    Ericsson's Simon Frost discusses how traditional pay-TV providers can cope with the big changes wrought by the rise of OTT video and IP technology.
    LRTV Custom TV
    The VNF Responsibility of Red Hat

    5|2|16   |     |   (0) comments


    At MWC, Caroline Chappell of Heavy Reading visits the Red Hat booth and sits down with Chris Wright to talk about the responsibility the VNF needs to take on in order to ensure the operators get the carrier-grade performance they expect for their network.
    LRTV Interviews
    AT&T Expert on the Key Pillars of UC

    4|29|16   |   03:58   |   (0) comments


    Vishy Gopalakrishnan, AVP of product marketing at AT&T, talks about the three developments that are making unified communications and collaboration secure and reliable for enterprise users.
    LRTV Documentaries
    LRTV Report: Mobile Core Innovation

    4|28|16   |   25:32   |   (0) comments


    Hear from multiple industry experts from Deutsche Telekom, SK Telecom, Heavy Reading, Huawei, Cisco, Ericsson, Nokia, NEC and many more about developments in the mobile core as operators virtualize their IMS and evolved packet core systems and prepare for a 5G world.
    LRTV Huawei Video Resource Center
    NFV World Congress Highlight

    4|26|16   |     |   (0) comments


    The highlight of the NFV World Congress contains exciting telecom news. Join us for an inside look at Huawei's ICT 2020 plan and its latest collaboration with industry leaders.
    Upcoming Live Events
    May 23, 2016, Austin, TX
    May 23, 2016, Austin Convention Center
    May 24-25, 2016, Austin Convention Center, Austin, TX
    September 13-14, 2016, The Curtis Hotel, Denver, CO
    December 6-8, 2016,
    June 16-18, 2017, Austin Convention Center, Austin, TX
    All Upcoming Live Events
    Infographics
    A new survey conducted by Heavy Reading and TM Forum shows that CSPs around the world see the move to digital operations as a necessary part of their overall virtualization strategies.
    Hot Topics
    WiCipedia: Woman Cards & Bitch Switches
    Sarah Thomas, Director, Women in Comms, 4/29/2016
    Amazon AWS Reports $2.6B Quarterly Revenue, Up a Colossal 64%
    Mitch Wagner, West Coast Bureau Chief, Light Reading, 4/28/2016
    Sprint CEO: Our Spectrum Is for 5G
    Dan Jones, Mobile Editor, 5/3/2016
    Amazon & Other 'Big 4' Cloud Providers Crushing Competitors
    Mitch Wagner, West Coast Bureau Chief, Light Reading, 4/29/2016
    FCC Poised to Re-Regulate Wholesale Access
    Carol Wilson, Editor-at-large, 4/28/2016
    Like Us on Facebook
    Twitter Feed
    BETWEEN THE CEOs - Executive Interviews
    In this latest installment of the CEO Chat series, Craig Labovitz, co-founder and CEO of Deepfield, sits down with Light Reading's Steve Saunders in Light Reading's New York City office to discuss how Deepfield fits in with the big data trend and more.
    Grant van Rooyen, president and CEO of Cologix, sits down with Steve Saunders, founder and CEO of Light Reading, in the vendor's New Jersey facility to offer an inside look at the company's success story and discuss the importance of security in the telecom industry.
    Animals with Phones
    Sloth Mail Click Here
    Sloth mail -- somehow even slower than snail mail.
    Live Digital Audio

    Of all the tech companies in the Valley, Intel has made the most aggressive commitment to building a diverse and inclusive workplace culture. It's doing so by taking concrete, measurable steps, making a large financial investment and through a commitment to complete transparency about its progress. In this radio show, WiC Director Sarah Thomas will be joined by Shlomit Weiss, Intel's Vice President, Data Center Group, and General Manager of Networking Engineering, who will share with us why Intel is tackling this huge challenge, how and to what effect. She will also discuss her unique experiences leading development of Client SOC development in the past and today leading development of all of the chipmaker's silicon hardware for networking IPs and discrete devices and managing a team of 600 engineers across Israel, Europe and the US.