Light Reading
Using its annual Data Breach Investigative Report, Verizon tells 18 different industries what they most need to fear - and protect against.

Verizon Offers Industry-Specific Security Advice

Carol Wilson
4/22/2014
50%
50%

Seven years into publishing its annual analysis of data breach information, Verizon is taking a new approach, combining big data analysis with 10 years of data breach records to produce information specific industries can use to make their networks safer. (See Verizon DBIR Focuses Security by Industry.)

The 2014 Data Breach Investigations Report, known as the DBIR, goes beyond what past reports have delivered, says Verizon Enterprise Solutions 's Marc Spitler, senior analyst and DBIR co-author, to give enterprises more information on which they can act. After analyzing 63,000 incidents and 1,600 confirmed data breaches, Verizon determined that 90% of these fall into one of nine incident patterns. (By the way, you can download a copy of the report here.)

"These incidents patterns are analyzed, and they are mapped to particular industries, because we believe that will make it more actionable to those industries," Spitler says. "We think this is the proper evolution of what we are doing because people want more analysis and more advice on what to do."

By focusing on the type of incidents that most often affect their specific industry segment, enterprises can make more efficient use of the information Verizon is providing. That's particularly important because most industries are hit harder by a limited number of attack types, Spitler says.

What Verizon found is that most industries face the greatest threat from only three of the nine data threat patterns. Those patterns are:

  • Crimeware: malware intended to gain control of systems
  • Insider/privilege misuse
  • Physical theft/loss
  • Cyber-espionage
  • Denial-of-service attacks
  • Web app attacks
  • Point-of-sale intrusions
  • Payment card skimmers
  • Miscellaneous errors such as directing email to the wrong person

That's not to say the 2014 DBIR isn't full of its usual juicy tidbits about trends in cybercrime, because it is. For example, cyber-espionage is up, with the number of incidents reported totaling three times what was reported in 2013, although that is due in part to a greater data set. Many data breaches today happen stealthily and can take a long time to identify, leading to greater damage.

For the first time, the Verizon DBIR chose to address DDOS attacks and found these are getting stronger every year. DDOS attacks compromise network resources and can be either a distraction to the real data breach or an intended disruption of business. Financial services, retail, professional, information, and public sector enterprises all count DDOS attacks among their main threats.

The number one way of getting information remains use of stolen or hacked passwords, and DBIR authors say that makes a strong case for two-factor authentication.

Interestingly, retail point-of-sale attacks, which have been in the news of late, are actually on the wane in terms of volume, the DBIR notes.

Verizon issues its annual DBIR in part to highlight its own Verizon Managed Security Services which delivers, among many other things, two-factor authentication capabilities.

— Carol Wilson, Editor-at-Large, Light Reading

(2)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
Carol Wilson
50%
50%
Carol Wilson,
User Rank: Blogger
4/22/2014 | 3:22:35 PM
Re: Social Engineering
One of the DBIR's findings this year is that many data breaches go unnoticed for a substantial period of time. 

Certainly that was the case with many of the retail breaches this year, like the Target and Lord&Taylor incidents. Information gathering can be done over a long period of time, which means the impact of the breach is much greater. 

That puts a premium on not only trying to prevent breaches but on identifying them more quickly, which I think depends more on the ongoing analysis and tracking of LAN and WAN activity. 
danielcawrey
50%
50%
danielcawrey,
User Rank: Light Sabre
4/22/2014 | 3:18:32 PM
Social Engineering
Getting stolen or hacked passwords probably comes from phishing attempts. It would seem, in my estimation, one of the easiest ways to procure authentication information. 

Social engineering is a bit different in that oftentimes a user doesn't realize they have been hacked for a long time. This type of intrusion can go unnoticed for a lengthy amount of time, and can reap a treasure trove of information for malicious actors. 
Educational Resources
sponsor supplied content
Educational Resources Archive
Flash Poll
From The Founder
It's clear to me that the communications industry is divided into two types of people, and only one is living in the real world.
LRTV Interviews
The New Wave of IP + Optical Integration

11|21|14   |   04:29   |   (7) comments


At the Alcatel-Lucent Technology Symposium, Heavy Reading senior analyst Sterling Perrin talks about how SDN has reshaped the discussion around packet and optical integration.
LRTV Huawei Video Resource Center
Huawei Highlights at BBWF 2014

11|20|14   |   3:40   |   (1) comment


Broadband World Forum is one of the world's largest telecoms, media and technology events with over 7,800 senior executives from across the globe converging on Amsterdam every year to identify the Next Big Thing. BBWF is an exciting place to meet the entire industry under one roof and identify the latest in network innovation, service optimization and customer ...
LRTV Huawei Video Resource Center
How Will BCMS Stimulate Margin for Broadband Operators?

11|19|14   |   6:52   |   (0) comments


In BBWF 2014, Liu Shuqing emphasizes the value of FMC 2.0 based full service experience by throwing light on the BCMS solution. The underlying principle of this innovative technique is to create network robustness and driving network from connection oriented to ACE – BAND oriented infrastructure, in which applications, cloud, and user experiences will be an asset ...
LRTV Huawei Video Resource Center
SingleFAN3.0: Better Connected Experience

11|19|14   |   3:06   |   (1) comment


At the BBWF 2014, David Hu, the VP of Huawei Access Network Product Line, talked about the future of access networks – SingleFAN3.0: faster broadband, wider coverage, and smarter connection.
LRTV Interviews
Basil Alwan Interview: The Road to Cloud

11|19|14   |   09:09   |   (0) comments


Alcatel-Lucent's head of IP and Transport talks about the migration towards a web-like networking environment, the impact of the cloud, SDN and NFV, and the yet-to-be-announced FP4 chip.
LRTV Documentaries
FairPoint Makes a Fair Point About Analytics

11|19|14   |   1:56   |   (1) comment


The US-based communication service provider gets to grips with advanced analytics, tackling data and breaking down the silos within its own business.
LRTV Documentaries
Analytics Lets C Spire Get to Know Subs

11|19|14   |   3:01   |   (2) comments


It's all about the data for US operator C Spire as it uses analytics to personalize its customer service down to individual subscribers.
LRTV Interviews
Nuage Branches Out With SDN: CEO Interview

11|17|14   |   9:32   |   (0) comments


Sunil Khandekar, CEO of Alcatel-Lucent's SDN-focused unit Nuage Networks, talks about the opportunities and challenges of breaking out of the data center into wide-area networks.
Light Reedy
Telecom Analytics Grows Up

11|14|14   |   1:15   |   (4) comments


The big data analytics debate has moved on from a year ago, with some experts suggesting it's no longer a technology challenge.
LRTV Huawei Video Resource Center
Huawei Compass

11|14|14   |   3:17   |   (1) comment


At OpenStack Summit 2014, Shuo Yang, Huawei Principal Cloud Infrastructure Architect introduced Huawei Compass, the software tool for solving customers' problems on the journey of OpenStack Cloud.
LRTV Huawei Video Resource Center
Huawei's Cloud Strategy in European Region

11|14|14   |   2:56   |   (1) comment


At OpenStack Summit 2014, Dr. Gotz, CTO of Huawei IT in European Region introduced Huawei's cloud strategy in European region.
LRTV Huawei Video Resource Center
Huawei's Contribution on OpenStack

11|14|14   |   5:58   |   (0) comments


At OpenStack Summit 2014, Dennis Gu, Huawei Chief Architect of Cloud Computing introduced the relationship between OpenStack and cloud computing, and Huawei's contribution on OpenStack.
Upcoming Live Events
December 2, 2014, New York City
December 3, 2014, New York City
December 8-10, 2014, Reykjavik, Iceland
February 12, 2015, Atlanta, GA
April 14, 2015, New York City, NY
May 6, 2015, McCormick Convention Center, Chicago, IL
May 13-14, 2015, The Westin Peachtree, Atlanta, GA
June 9-10, 2015, Chicago, IL
Infographics
Irish Telecom outlines the rise of VoIP technology, including its adoption within businesses and their perception of its quality.
Hot Topics
Bell Labs Chief Slams 'Toy' Networks
Robert Clark, 11/19/2014
$38.3M: Ain't That a Kik in the SMS
Sarah Reedy, Senior Editor, 11/20/2014
Do You Have a 2020 Vision?
Dennis Mendyk, Vice President of Research, Heavy Reading, 11/21/2014
Google, AT&T, BT Unite on Network Data Models
Carol Wilson, Editor-at-large, 11/20/2014
The New Wave of IP + Optical Integration
Ray Le Maistre, Editor-in-chief, 11/21/2014
Like Us on Facebook
Twitter Feed