Light Reading
Using its annual Data Breach Investigative Report, Verizon tells 18 different industries what they most need to fear - and protect against.

Verizon Offers Industry-Specific Security Advice

Carol Wilson
4/22/2014
50%
50%

Seven years into publishing its annual analysis of data breach information, Verizon is taking a new approach, combining big data analysis with 10 years of data breach records to produce information specific industries can use to make their networks safer. (See Verizon DBIR Focuses Security by Industry.)

The 2014 Data Breach Investigations Report, known as the DBIR, goes beyond what past reports have delivered, says Verizon Enterprise Solutions 's Marc Spitler, senior analyst and DBIR co-author, to give enterprises more information on which they can act. After analyzing 63,000 incidents and 1,600 confirmed data breaches, Verizon determined that 90% of these fall into one of nine incident patterns. (By the way, you can download a copy of the report here.)

"These incidents patterns are analyzed, and they are mapped to particular industries, because we believe that will make it more actionable to those industries," Spitler says. "We think this is the proper evolution of what we are doing because people want more analysis and more advice on what to do."

By focusing on the type of incidents that most often affect their specific industry segment, enterprises can make more efficient use of the information Verizon is providing. That's particularly important because most industries are hit harder by a limited number of attack types, Spitler says.

What Verizon found is that most industries face the greatest threat from only three of the nine data threat patterns. Those patterns are:

  • Crimeware: malware intended to gain control of systems
  • Insider/privilege misuse
  • Physical theft/loss
  • Cyber-espionage
  • Denial-of-service attacks
  • Web app attacks
  • Point-of-sale intrusions
  • Payment card skimmers
  • Miscellaneous errors such as directing email to the wrong person

That's not to say the 2014 DBIR isn't full of its usual juicy tidbits about trends in cybercrime, because it is. For example, cyber-espionage is up, with the number of incidents reported totaling three times what was reported in 2013, although that is due in part to a greater data set. Many data breaches today happen stealthily and can take a long time to identify, leading to greater damage.

For the first time, the Verizon DBIR chose to address DDOS attacks and found these are getting stronger every year. DDOS attacks compromise network resources and can be either a distraction to the real data breach or an intended disruption of business. Financial services, retail, professional, information, and public sector enterprises all count DDOS attacks among their main threats.

The number one way of getting information remains use of stolen or hacked passwords, and DBIR authors say that makes a strong case for two-factor authentication.

Interestingly, retail point-of-sale attacks, which have been in the news of late, are actually on the wane in terms of volume, the DBIR notes.

Verizon issues its annual DBIR in part to highlight its own Verizon Managed Security Services which delivers, among many other things, two-factor authentication capabilities.

— Carol Wilson, Editor-at-Large, Light Reading

(2)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Carol Wilson
50%
50%
Carol Wilson,
User Rank: Blogger
4/22/2014 | 3:22:35 PM
Re: Social Engineering
One of the DBIR's findings this year is that many data breaches go unnoticed for a substantial period of time. 

Certainly that was the case with many of the retail breaches this year, like the Target and Lord&Taylor incidents. Information gathering can be done over a long period of time, which means the impact of the breach is much greater. 

That puts a premium on not only trying to prevent breaches but on identifying them more quickly, which I think depends more on the ongoing analysis and tracking of LAN and WAN activity. 
danielcawrey
50%
50%
danielcawrey,
User Rank: Light Sabre
4/22/2014 | 3:18:32 PM
Social Engineering
Getting stolen or hacked passwords probably comes from phishing attempts. It would seem, in my estimation, one of the easiest ways to procure authentication information. 

Social engineering is a bit different in that oftentimes a user doesn't realize they have been hacked for a long time. This type of intrusion can go unnoticed for a lengthy amount of time, and can reap a treasure trove of information for malicious actors. 
Flash Poll
LRTV Documentaries
Sprint's Network Evolution

7|24|14   |   14:59   |   (0) comments


Sprint's Jay Bluhm gives a keynote speech at the Big Telecom Event (BTE) about Sprint's network and services evolution strategy, including Spark.
LRTV Documentaries
BTE Keynote: The Software-Defined Operator

7|24|14   |   18:43   |   (1) comment


Deutsche Telekom's Axel Clauberg explains the concept of the software-defined operator to the Big Telecom Event (BTE) crowd.
Light Reedy
Numbers Are In: LR's 2014 Salary Survey

7|24|14   |   1:25   |   (5) comments


Our fourth annual Salary Survey paints a picture of who's hiring, firing, earning, and yearning for a change in the telecom industry.
LRTV Custom TV
Driving the Network Transformation

7|23|14   |   4:29   |   (0) comments


Intel's Sandra Rivera discusses network transformation and how Intel technologies, programs, and standards body efforts have helped the industry migration to SDN and NFV.
LRTV Custom TV
Distributed NFV-Based Business Services by RAD

7|18|14   |   5:38   |   (0) comments


With the ETSI-approved Distributed NFV PoC running in the background, RAD's CEO, Dror Bin, talks about why D-NFV makes compelling sense for service providers, and about the dollars and cents RAD is putting behind D-NFV.
LRTV Custom TV
MRV Accelerating Packet Optical Convergence

7|15|14   |   6:06   |   (0) comments


Giving you network insight to make your network smarter.
LRTV Custom TV
NFV-Enabled Ethernet for Generating New Revenues

7|15|14   |   5:49   |   (0) comments


Cyan's Planet Orchestrate allows service providers and their end-customers to activate software-based capabilities such as firewalls and encryption on top of existing Ethernet services in just minutes.
LRTV Custom TV
Symkloud NVF-Ready Video Transcoding, Big Data

7|9|14   |   3:41   |   (0) comments


Kontron and ISV partner Vantrix demonstrate high-performance video transcoding and data analytic solutions on same 2U standard platform that is ready for SDN and NFV deployments made by mobile, cable and cloud operators.
LRTV Huawei Video Resource Center
The Evolving Role of Hybrid Video for Competitive Success

7|4|14   |   4:09   |   (0) comments


At Huawei's Global Analysts Summit in Shenzhen, China, Steven C. Hawley from TV Strategies speaks to us about the evolving role of hybrid video for competitive success.
LRTV Huawei Video Resource Center
How CSPs Leverage Big Data in the Digital Economy

7|4|14   |   4:48   |   (2) comments


Justin van der Lande from Analysys Mason shares with us his views on how telecom operators can leverage customer asset monetization with big data. His discusses the current status of big data applications and the challenges and opportunities for telecom operators in the digital economy era.
LRTV Huawei Video Resource Center
Accelerator for Digital Business Future Oriented BSS

7|4|14   |   3:08   |   (0) comments


Mobile and internet are becoming intertwined; IT and CT are integrating; and leading CSPs have begun to transform to information service and entertainment providers. How should the BSS system evolve to enable this transformation? Karl Whitelock, an analyst at Frost & Sullivan, shares his views.
LRTV Huawei Video Resource Center
Orange Tunisia Discusses Multi-Band Antenna With EasyRET Solution

7|4|14   |   2:45   |   (0) comments


As new site acquisition becomes more difficult, Orange Tunisia has requested multi-band antenna to support UMTS and LTE innovation. Some things considered include reducing the cost of antenna maintenance and having high reliability antenna and EasyRET solution.
Upcoming Live Events!!
September 16, 2014, Santa Clara, CA
September 16, 2014, Santa Clara, CA
October 29, 2014, New York City
November 11, 2014, Atlanta, GA
December 9-10, 2014, Reykjavik, Iceland
June 9-10, 2015, Chicago, IL
Infographics
Allot's latest MobileTrends Charging Report shows that value-based pricing plans are up from 35% in 2011 to 85% in 2014.
Today's Cartoon
Hot Topics
The Municipal Menace?
Jason Meyers, Senior Editor, Utility Communications/IoT, 7/22/2014
Cisco Puts a Fog Over IoT
Sarah Reedy, Senior Editor, 7/23/2014
GM: 10 Car Models on Road With AT&T's LTE
Dan Jones, Mobile Editor, 7/18/2014
Apple Earnings: Strong iPhone Sales, iPad Sales Slump, $7.8B Profit
Mitch Wagner, West Coast Bureau Chief, Light Reading, 7/22/2014
Like Us on Facebook
Twitter Feed