This year’s publication of the 2014 Verizon Data Breach Investigations Report (DBIR) takes a different format from the previous reports released since 2008. In the 60 pages of the report, Verizon organizes its sections around common incident patterns derived directly from the data itself.
Verizon surveyed 50 companies, ranging from private to public, representing 95 countries. From the companies surveyed, the total data set is comprised of 1,367 confirmed data breaches and a staggering 63,437 incidents.
Verizon states, “The ultimate goal is to provide actionable information presented in a way that enables you to hash out the findings and recommendations most relevant to your organization.”
2013 – “The Year of the Retailer Breach”
Based on their findings, Verizon summarized 2013 as the “year of the retailer breach,” but a more comprehensive assessment of the InfoSec risk environment shows it was also a year of transition from geo-political attacks to large-scale attacks on payment card systems.
Why Target Retailers? (no pun intended)
Retailers including Schnucks, Raley’s, Harbor Freight, Vodafone, Nordstrom, and Target all had major security breaches in 2013 aimed at capturing consumer information. But why was Target’s breach, in particular, so public? Harbor Freight had a similar breach, but not even its customers were notified, much less the media.
Though there are many obvious reasons why Target’s breach received a disproportionate amount of media attention, it is most likely due to the timing (Christmas holiday season), the name (bulls-eye logo), and the brand.
Why is this important? Well, for one thing, it shows that the impact of a security breach on a brand is not always equal. The bigger and better known the brand, the bigger the microscope and the greater the damage a security breach can do to it.
What are the criminal’s tactics?
In its report, Verizon took an in-depth look at “financially motivated attacks.” Behind these attacks are criminals who are “hyper-focused on gaining access to the money, so it follows that their two primary target industries are the financial and retail industries (where data that easily converts to money is abundant and, all too often accessible).”
Unlike attacks on the financial services sector, where criminals are simply trying to gain access to the user interface of the web, attacks on the retail industry primarily aim to nab credit card information (95% of the incidents).
How do they do it? According to the study, retail is among the top targets for many of the leading varieties of threat actions the report dives into. These threat actions include Point-of-Sale (POS) intrusions, web app attacks, payment card skimmers, and denial of service attacks.
Luckily, the report suggests steps retailers can take to protect their consumers and their brand. These best practices include restricting remote access, enforcing lockout and password policies, monitoring outbound connections, and leveraging threat feeds, to name a few. Based on Verizon’s conclusion that “many of the associated risks to the consumer will be contingent upon how quickly they respond to a breach notification,” we think that one best practice security professionals should leverage is a threat feed. This is because threat feeds can give you warnings before there is a large attack and can help you quickly identify the infrastructure being used by the criminals.
What about phishing?
Phishing ranked third overall among the most used threat actions, the highest it has ranked in any DBIR report to date. The report also showed that phishing is a very effective way to gain access to an organization or its information. Not big news, we know. But what was shocking is that a phishing campaign of only 10 messages has a more than 90% chance of getting a click! This proves that even a campaign sending only a small number of messages, which is more likely to go unnoticed without the right measures in place, has a very high probability of success. The DBIR report states, “18% of users will visit a link in a phishing email.” This is because most users unfamiliar with drive-by malware might think that just visiting a link won’t result in a compromise. The reality is that it will.