Verizon has released its 2015 data breach investigation report today, and not surprisingly they cited that while cyber attacks are becoming increasingly sophisticated, the main methods of attack by criminals are still through decades-old techniques such as phishing and hacking.
Approximately 70 percent of the attacks involved a combination of the three, and most times also a secondary victim, adding to a particular breaches complexity.
The report also cited that many security patches for vulnerabilities have never been utilized, so those same vulnerabilities remain. Some of the vulnerabilities were discovered in 2007, some eight years ago. Quite a shocking statistic.
This year’s findings, as in past years, pointed out what Verizon researchers call the “detection deficit”, the time that elapses between an occurring breach, lasting until it’s discovered. Unfortunately, in 60 percent of the breaches, attackers are able to compromise an entire organization within minutes, crippling the organization. Also, that an attack could be avoided by paying more attention to obtaining and maintaining a vigilant approach to better cyber security.
As quoted in the report, “We continue to see sizable gaps in how organizations defend themselves,” said Mike Denning, vice president of global security for Verizon Enterprise Solutions.
Mr. Denning went on to say, “While there is no guarantee against being breached, organizations can greatly manage their risk by becoming more vigilant in covering their bases”.
The report continues on to state that mobile threats are overblown, agreeing with many industry analysts and that any security threats to the mobile platforms are negligible.
While, in the 2014 report, Verizon didn’t get into the machine to machine security breaches, they sure did this year. Verizon examined breaches involving connected machines, including breaches involving “bot-nets” co-opting IoT (Internet of Things) devices. The term “bot-net” refers to a network of devices having malicious software without a user’s knowledge. Finally, the report cites the need for security being a high priority when it comes to deployment of next generation intelligent devices. For more information on the subject, and the rest of the report, we’ll have a link at the bottom.