The 2015 Data Breach Investigation Report has set the bar even higher reviewing more than 2,100 confirmed data breaches and approximately 80,000 reported security incidents within the past year, as well as addressing more than 8,000 breaches and nearly 1,95,000 security incidents cumulatively that have occurred over the past 10 years period. By including details of the security incidents that didn’t result in breaches, Verizon aims to offer a better projection of the entire cybersecurity landscape.
Ashish Thapar, Managing Principal – Investigative Response, Verizon Enterprise Solutions, APAC discusses specific security threat trends that the report observed across key sectors –
Finance — Almost half of security incidents in the finance industry were caused by DoS attacks and crimeware. Although many organizations in this sector are acutely aware of the sensitivity of the data they hold, the risks posed by security breaches remain very real. The finance sector is slow to detect incidents and breaches compared to other industries – 30 percent of breaches were discovered within days, while 38 percent remained undiscovered for months or longer. Rarely do finance organizations detect breaches themselves — they’re often notified by law enforcement or other third parties, such as card companies.
Hospitality – In the hospitality industry, 89 percent of incidents can be attributed to point-of-sale (PoS) intrusions and DoS attacks. POS intrusions have fallen from 75 percent in last year’s report to 51 percent, while DoS attacks have risen sharply from 10 percent to 38 percent. Attacks were almost entirely perpetrated by remote, financially motivated criminal groups. In 78 percent of cases in the hospitality sector, incidents took months or longer to discover. This is in stark contrast to the average across industries where 74 percent of incidents were discovered in hours. One reason for the delay in discovery is that organizations in the hospitality sector are likely to be notified of an incident by an external party, such as a fraud alert, rather than internally.
Healthcare — Almost two thirds of security incidents in the healthcare industry involved physical theft and loss, privilege misuse, or miscellaneous errors. However a hug red flag was raised, whilst compromises often take just minutes, in over a third of cases it took healthcare organizations months or years to discover an incident had occurred. In 80 percent of cases it took attackers just minutes or less to compromise healthcare data, however it was months or longer before healthcare organizations became aware of well over a third (36 percent) of breaches.
Public Sector – Four out of five of the security incidents affecting public sector organizations in this year’s Data Breach Investigations Report (DBIR) involved miscellaneous errors, insider and privilege misuse, or physical theft and loss. Unsurprisingly, each of these three types of incident revolve around people — whether it’s human error or intentional abuse of access and many of these incidents could have been prevented. In 78 percent of cases, public sector systems were compromised in just seconds, compared to 38 percent of cases in the all-industry sample. And once a public sector organization was compromised, attackers were able to exfiltrate data in hours or less in 75 percent of incidents. It took organizations significantly longer to discover that there had been a breach, and containment typically took days or more (in over 80 percent of cases).
Retail – Almost 90 percent of security incidents in the retail sector involved DoS attacks, crimeware, or POS intrusions. Attackers were often able to compromise systems and walk away with data in days or less. Data was compromised in days or less in over 80 percent of cases but in over 50 percent of cases it took retail organizations months or more to discover a breach had occurred. Most breaches continue to be discovered by external third parties or by Common Point of Purchase fraud algorithms that can take time. The better news is that once discovered, organizations were able to contain almost half (47 percent) of the breaches in days or hours.
“My message to enterprises is to ‘act now’. Nobody is immune to cybercrime and the longer it takes for an organization to discover a breach, the more time attackers have to penetrate its defenses and cause damage. Comprehensive security isn’t a business luxury, it is a daily necessity,” concludes Thapar.