Light Reading

Verizon Offers Industry-Specific Security Advice

Carol Wilson
4/22/2014
50%
50%

Seven years into publishing its annual analysis of data breach information, Verizon is taking a new approach, combining big data analysis with 10 years of data breach records to produce information specific industries can use to make their networks safer. (See Verizon DBIR Focuses Security by Industry.)

The 2014 Data Breach Investigations Report, known as the DBIR, goes beyond what past reports have delivered, says Verizon Enterprise Solutions 's Marc Spitler, senior analyst and DBIR co-author, to give enterprises more information on which they can act. After analyzing 63,000 incidents and 1,600 confirmed data breaches, Verizon determined that 90% of these fall into one of nine incident patterns. (By the way, you can download a copy of the report here.)

"These incidents patterns are analyzed, and they are mapped to particular industries, because we believe that will make it more actionable to those industries," Spitler says. "We think this is the proper evolution of what we are doing because people want more analysis and more advice on what to do."

By focusing on the type of incidents that most often affect their specific industry segment, enterprises can make more efficient use of the information Verizon is providing. That's particularly important because most industries are hit harder by a limited number of attack types, Spitler says.

What Verizon found is that most industries face the greatest threat from only three of the nine data threat patterns. Those patterns are:

  • Crimeware: malware intended to gain control of systems
  • Insider/privilege misuse
  • Physical theft/loss
  • Cyber-espionage
  • Denial-of-service attacks
  • Web app attacks
  • Point-of-sale intrusions
  • Payment card skimmers
  • Miscellaneous errors such as directing email to the wrong person

That's not to say the 2014 DBIR isn't full of its usual juicy tidbits about trends in cybercrime, because it is. For example, cyber-espionage is up, with the number of incidents reported totaling three times what was reported in 2013, although that is due in part to a greater data set. Many data breaches today happen stealthily and can take a long time to identify, leading to greater damage.

For the first time, the Verizon DBIR chose to address DDOS attacks and found these are getting stronger every year. DDOS attacks compromise network resources and can be either a distraction to the real data breach or an intended disruption of business. Financial services, retail, professional, information, and public sector enterprises all count DDOS attacks among their main threats.

The number one way of getting information remains use of stolen or hacked passwords, and DBIR authors say that makes a strong case for two-factor authentication.

Interestingly, retail point-of-sale attacks, which have been in the news of late, are actually on the wane in terms of volume, the DBIR notes.

Verizon issues its annual DBIR in part to highlight its own Verizon Managed Security Services which delivers, among many other things, two-factor authentication capabilities.

— Carol Wilson, Editor-at-Large, Light Reading

(2)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Carol Wilson
50%
50%
Carol Wilson,
User Rank: Blogger
4/22/2014 | 3:22:35 PM
Re: Social Engineering
One of the DBIR's findings this year is that many data breaches go unnoticed for a substantial period of time. 

Certainly that was the case with many of the retail breaches this year, like the Target and Lord&Taylor incidents. Information gathering can be done over a long period of time, which means the impact of the breach is much greater. 

That puts a premium on not only trying to prevent breaches but on identifying them more quickly, which I think depends more on the ongoing analysis and tracking of LAN and WAN activity. 
danielcawrey
50%
50%
danielcawrey,
User Rank: Light Sabre
4/22/2014 | 3:18:32 PM
Social Engineering
Getting stolen or hacked passwords probably comes from phishing attempts. It would seem, in my estimation, one of the easiest ways to procure authentication information. 

Social engineering is a bit different in that oftentimes a user doesn't realize they have been hacked for a long time. This type of intrusion can go unnoticed for a lengthy amount of time, and can reap a treasure trove of information for malicious actors. 
From The Founder
Light Reading sits down at CES with the head of Cisco's service provider video business, Conrad Clemson, to discuss how NFV and cloud security relate to video, the challenge of managing 4K/8K traffic, the global expansion of Netflix and virtual reality.
Flash Poll
Live Streaming Video
CLOUD / MANAGED SERVICES: Prepping Ethernet for the Cloud
Moderator: Ray LeMaistre Panelists: Jeremy Bye, Leonard Sheahan
LRTV Custom TV
Join Us at the Digital Operations Transformation Summit

2|4|16   |   03:52   |   (0) comments


The Digital Operations Transformation Summit on February 21, 2016 at the Crowne Plaza Barcelona Fira Centre will bring together 50 senior executives to engage in a unique debate on the opportunities and challenges presented by the transformative evolving digital landscape. RSVP now at events@lightreading.com.
LRTV Custom TV
Making the Test: ADVA Ensemble Connector vs. Open vSwitch

2|4|16   |   01:28   |   (0) comments


Light Reading, in partnership with EANTC, recently tested ADVA's Ensemble Connector, which replaces open vSwitch and offers carrier-grade capability and interoperability. The test results strengthen ADVA's credibility as a provider in the virtualization space.
LRTV Custom TV
Bridging the Gap Between PoCs & Deployment in NFV

2|4|16   |   31:50   |   (0) comments


Charlie Ashton of Wind River presents the keynote at Light Reading's 2020 Vision executive summit in Dublin.
Between the CEOs
CEO Chat With Mike Aquino

2|3|16   |   17:34   |   (0) comments


The former CEO of Overture Networks, Mike Aquino, discusses why truly open virtualization solutions provide service providers with the greatest choice.
Shades of Ray
MWC: Buckle Up for 5G & the IIoT

2|2|16   |   02:28   |   (0) comments


This year's Mobile World Congress looks set to be a 5G land grab and a chance to get down and dirty with the Industrial Internet of Things (IIoT) – but what will the 5G discussions actually be about?
LRTV Custom TV
Case Study: Building China's Next-Gen TV Networks

2|2|16   |   5:01   |   (0) comments


With over 2 billion viewers worldwide, Shenzhen Media Group is one of China's largest content producers. By partnering with Huawei and Sobey, SZMG was able to modernize media operations with the Converged News Center, a production studio that is a model for next-generation workflows.
LRTV Custom TV
Quad Channel Modulator Driver with 46 Gbaud Capability from MACOM

1|28|16   |     |   (0) comments


MACOM's MAOM-003427 is the industry's first surface-mount modulator driver with 46 Gbaud capability to support next generation 200G and 400G applications.
LRTV Custom TV
Video Infographic: Validating Cisco's NFV Infrastructure

1|26|16   |   02:24   |   (1) comment


We all know that the network of the future will be virtual, but when will virtual become a reality? This video infographic covers the four key areas in which Light Reading, in partnership with EANTC, tested Cisco's NFV infrastructure: performance, reliability, multi-service capabilities and single pane of glass management.

For the full report, see

Between the CEOs
CEO Chat With Phil McKinney, CableLabs

1|22|16   |   13:36   |   (1) comment


At CES in Las Vegas, we met with Phil McKinney, CEO of CableLabs. Phil provides an update on the rollout of DOCSIS 3.1, his views on the future of open source and how consumer interest in virtual reality could affect network traffic.
Between the CEOs
Ericsson CTO on the Changing Telecom Market

1|21|16   |   10:26   |   (0) comments


At CES 2015, CTO of Ericsson, Ulf Ewaldsson, sits down with CEO of Light Reading, Steve Saunders, to discuss the changing telecom market, the new partnership with Cisco and the future of the telecom industry.
LRTV Interviews
Ireland's Data Dream

1|21|16   |   14:31   |   (0) comments


Host In Ireland president Gary Connolly tells Light Reading's Steve Saunders about the role Ireland is playing in hosting data for the world's largest organizations.
LRTV Custom TV
Brocade Keynote: Transitioning to the New IP

1|20|16   |   27:23   |   (0) comments


At 2020 Vision in Dublin, Andrew Coward, VP of Service Provider Strategy at Brocade, presents the transition to the New IP.
Upcoming Live Events
March 10, 2016, The Cable Center, Denver, CO
April 5, 2016, The Ritz Carlton, Charlotte, NC
May 23, 2016, Austin, TX
May 24-25, 2016, Austin Convention Center, Austin, TX
All Upcoming Live Events
Infographics
Cisco's latest VNI numbers suggest the world will be using 366.8 exabytes of data on smartphones and Internet of Things devices, up from 44.2 exabytes, in 2015.
Hot Topics
Alphabet Is Serious About Google Fiber
Mari Silbey, Senior Editor, Cable/Video, 2/1/2016
Did Juniper Pay 'Peanuts' for BTI?
Mitch Wagner, West Coast Bureau Chief, Light Reading, 2/2/2016
Google's 5G Radio Ambitions Are Expanding
Dan Jones, Mobile Editor, 2/5/2016
Purpose Is Key to Bringing Women Into Tech
Elizabeth Miller Coyne, Editor, 2/1/2016
How Data Center Outsourcing Fuels AT&T NetBond Growth
Carol Wilson, Editor-at-large, 2/3/2016
Like Us on Facebook
Twitter Feed
Webinar Archive
BETWEEN THE CEOs - Executive Interviews
The former CEO of Overture Networks, Mike Aquino, discusses why truly open virtualization solutions provide service providers with the greatest choice.
As anyone who knows me will tell you, I like to think I know a fair bit about this next-gen-comms malarkey, but there's nothing like an interview with one of the ...
Animals with Phones
Happy Groundhogs for Technology Day! Click Here
Live Digital Audio

Broadband speeds are ramping up across Europe as the continent, at its own pace, follows North America towards a gigabit society. But there are many steps to take on the road to gigabit broadband availability and a number of technology options that can meet the various requirements of Europe’s high-speed fixed broadband network operators. During this radio show we will look at some of the catalysts for broadband network investments and examine the menu of technology options on offer, including vectoring and G.fast for copper plant evolution and the various deployment possibilities for FTTH/B.