& cplSiteName &

Verizon Offers Industry-Specific Security Advice

Carol Wilson
4/22/2014
50%
50%

Seven years into publishing its annual analysis of data breach information, Verizon is taking a new approach, combining big data analysis with 10 years of data breach records to produce information specific industries can use to make their networks safer. (See Verizon DBIR Focuses Security by Industry.)

The 2014 Data Breach Investigations Report, known as the DBIR, goes beyond what past reports have delivered, says Verizon Enterprise Solutions 's Marc Spitler, senior analyst and DBIR co-author, to give enterprises more information on which they can act. After analyzing 63,000 incidents and 1,600 confirmed data breaches, Verizon determined that 90% of these fall into one of nine incident patterns. (By the way, you can download a copy of the report here.)

"These incidents patterns are analyzed, and they are mapped to particular industries, because we believe that will make it more actionable to those industries," Spitler says. "We think this is the proper evolution of what we are doing because people want more analysis and more advice on what to do."

By focusing on the type of incidents that most often affect their specific industry segment, enterprises can make more efficient use of the information Verizon is providing. That's particularly important because most industries are hit harder by a limited number of attack types, Spitler says.

What Verizon found is that most industries face the greatest threat from only three of the nine data threat patterns. Those patterns are:

  • Crimeware: malware intended to gain control of systems
  • Insider/privilege misuse
  • Physical theft/loss
  • Cyber-espionage
  • Denial-of-service attacks
  • Web app attacks
  • Point-of-sale intrusions
  • Payment card skimmers
  • Miscellaneous errors such as directing email to the wrong person

That's not to say the 2014 DBIR isn't full of its usual juicy tidbits about trends in cybercrime, because it is. For example, cyber-espionage is up, with the number of incidents reported totaling three times what was reported in 2013, although that is due in part to a greater data set. Many data breaches today happen stealthily and can take a long time to identify, leading to greater damage.

For the first time, the Verizon DBIR chose to address DDOS attacks and found these are getting stronger every year. DDOS attacks compromise network resources and can be either a distraction to the real data breach or an intended disruption of business. Financial services, retail, professional, information, and public sector enterprises all count DDOS attacks among their main threats.

The number one way of getting information remains use of stolen or hacked passwords, and DBIR authors say that makes a strong case for two-factor authentication.

Interestingly, retail point-of-sale attacks, which have been in the news of late, are actually on the wane in terms of volume, the DBIR notes.

Verizon issues its annual DBIR in part to highlight its own Verizon Managed Security Services which delivers, among many other things, two-factor authentication capabilities.

— Carol Wilson, Editor-at-Large, Light Reading

(2)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Carol Wilson
50%
50%
Carol Wilson,
User Rank: Blogger
4/22/2014 | 3:22:35 PM
Re: Social Engineering
One of the DBIR's findings this year is that many data breaches go unnoticed for a substantial period of time. 

Certainly that was the case with many of the retail breaches this year, like the Target and Lord&Taylor incidents. Information gathering can be done over a long period of time, which means the impact of the breach is much greater. 

That puts a premium on not only trying to prevent breaches but on identifying them more quickly, which I think depends more on the ongoing analysis and tracking of LAN and WAN activity. 
danielcawrey
50%
50%
danielcawrey,
User Rank: Light Sabre
4/22/2014 | 3:18:32 PM
Social Engineering
Getting stolen or hacked passwords probably comes from phishing attempts. It would seem, in my estimation, one of the easiest ways to procure authentication information. 

Social engineering is a bit different in that oftentimes a user doesn't realize they have been hacked for a long time. This type of intrusion can go unnoticed for a lengthy amount of time, and can reap a treasure trove of information for malicious actors. 
From The Founder
Cisco's Conrad Clemson, recently promoted to head up the company's Service Provider Apps & Platforms developments, talks to Light Reading's Founder and CEO Steve Saunders about how he's bringing cloud video, mobile and virtualization together to empower network operators.
Flash Poll
Live Streaming Video
Charting the CSP's Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it's going from two industry veterans.
LRTV Documentaries
MLBAM: Live Sports Streaming Will Be Big

3|30|17   |     |   (0) comments


MLB Advanced Media EVP and CTO Joe Inzerillo explains why live sports streaming will take off over the next few years despite major technical challenges.
LRTV Custom TV
Xilinx Disruptive Technology Breakthrough for 5G Wireless

3|30|17   |     |   (0) comments


Xilinx has integrated multi-giga-sample RF data converters into its 16nm MPSoCs devices for the industry's first All Programmable RFSoC, eliminating the need for discrete ADCs and DACs.
LRTV Huawei Video Resource Center
Turkcell Challenges Turkey's Current TV Market

3|29|17   |     |   (0) comments


Baris Zavaroglu, TV and rntertainment business director of Turkcell, explains Turkcell's strategy in elevating the small and uncertain TV market in Turkey.
LRTV Huawei Video Resource Center
Altibox’s Infrastructure Synergy Strategy Reduces Deployment Costs

3|29|17   |     |   (0) comments


Thomas Skjelbred, CEO of Altibox, on how to improve efficiency and reduce deployment coast through infrastructure synergy in Norway.
LRTV Huawei Video Resource Center
Ismail Butun on the Changing Role of Turkcell

3|29|17   |     |   (0) comments


Ismail Butun, chief marketing officer of Turkcell, explains the importance of video and mobile services for the future of the company.
LRTV Huawei Video Resource Center
IDC's Emir Halilovic on Trends of Cloudification

3|29|17   |     |   (0) comments


Emir Halilovic of IDC CEMA discusses the future and direction of cloudification. Also, the all-cloud approach taken by Huawei and others in the industry.
LRTV Custom TV
How Intel Is Powering the 5G Era

3|29|17   |     |   (0) comments


Light Reading tours a series of 5G "super demos" so see how Intel envisions the 5G-connected future. We take a look at a prototype connected BMW, a light pole with environmental sensors that provides 5G wireless to a smart home and a fully untethered virtual reality experience.
LRTV Custom TV
Source Photonics CEO Doug Wright Talks About the Future of Source Photonics

3|29|17   |     |   (0) comments


Source Photonics' CEO, Doug Wright, talks to Light Reading about how the company is continuously investing in its operations to meet not only its customers' current technology demands but also to deliver their next-generation technology needs.
LRTV Custom TV
Live Demo: DevOps in Service Chains & 5G Network Slices PoC

3|29|17   |     |   (0) comments


Executives from PoC collaborating companies – Patrick Waldemar, VP and Head of Technology at Telenor Research, John Healy, VP of the Datacenter Network Solutions Group at Intel, Vincent Spinelli, SVP of Global Sales and Marketing at RIFT.io, Mats Eriksson, CEO and co-founder of Arctos Labs, and Mats Nordlund, CEO and co-founder of Netrounds – review ...
LRTV Documentaries
The Year of Fat & Skinny Bundles

3|29|17   |   21:06   |   (0) comments


In this fireside chat, Roku's Andrew Ferrone predicts that 2017 will be the year of multichannel OTT video bundles and spells out other trends in the OTT and pay-TV markets.
LRTV Huawei Video Resource Center
BBWF 2016: Orange Poland's Next-Gen Central Office

3|28|17   |     |   (0) comments


Introduction to Orange Poland's legacy next-generation central office solution.
LRTV Custom TV
Viavi at OFC 2017

3|28|17   |   4:15   |   (0) comments


Light Reading's Editor-in-Chief Craig Matsumoto reports from the Viavi booth at OFC and gets an update on the 400G testing market from Tom Fawcett, VP and GM of LAB & Production. At this year's event, Viavi won three awards from Lightwave magazine and showcased an interoperability demo with Ethernet Alliance and Finisar.
Upcoming Live Events
May 15-17, 2017, Austin Convention Center, Austin, TX
May 15, 2017, Austin Convention Center - Austin, TX
June 6, 2017, The Joule Hotel, Dallas, TX
All Upcoming Live Events
Infographics
With the mobile ecosystem becoming increasingly vulnerable to security threats, AdaptiveMobile has laid out some of the key considerations for the wireless community.
Hot Topics
FTTH No Slam Dunk for Cable
Carol Wilson, Editor-at-large, 3/23/2017
Unlocking China's $194B Telecom Market
Robert Clark, 3/27/2017
Ericsson Tightens Focus, Warns of $1.7B Q1 Hit
Iain Morris, News Editor, 3/28/2017
WiCipedia: Supergirls, No More Excuses & Media Monitoring
Eryn Leavens, Special Features & Copy Editor, 3/24/2017
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
TEOCO Founder and CEO Atul Jain talks to Light Reading Founder and CEO Steve Saunders about the challenges around cost control and service monetization in the mobile and IoT sectors.
At MWC 2017, Qualcomm's CTO Matt Grob talks to Light Reading's CEO and Founder Steve Saunders about the progress being made in the development of the technologies and standards that will underpin 5G.
Animals with Phones
Working From Home Doesn't Work for Everyone Click Here
You shouldn't nap on your keyboard, for instance.
Live Digital Audio

Playing it safe can only get you so far. Sometimes the biggest bets have the biggest payouts, and that is true in your career as well. For this radio show, Caroline Chan, general manager of the 5G Infrastructure Division of the Network Platform Group at Intel, will share her own personal story of how she successfully took big bets to build a successful career, as well as offer advice on how you can do the same. We’ll cover everything from how to overcome fear and manage risk, how to be prepared for where technology is going in the future and how to structure your career in a way to ensure you keep progressing. Chan, a seasoned telecom veteran and effective risk taker herself, will also leave plenty of time to answer all your questions live on the air.