Clumsy hands of employees continue to be the bane of CISOs, according to the latest figures from the annual Verizon Data Breach Investigations Report.
Issued Wednesday, the report says 21 per cent of the data breaches looked at last year were caused by errors. More worrying, accidental breaches caused by system administrators are creeping up.
“While the rogue admin planting logic bombs and other mayhem makes for a good story,” says the report, “the presence of insiders is most often in the form of errors. These are either by misconfiguring servers to allow for unwanted access or publishing data to a server that should not have been accessible by all site viewers.”
As with previous reports, this year’s edition says the overwhelming majority of threats come from outside the enterprise — 69 per cent of the breaches looked at. Insiders — defined as employees — were behind 34 per cent of breaches, partners were blamed for two per cent, while five per cent involved insiders and partners.
One of the most comprehensive analyses of data from around the world, this year’s report looked at 41,686 security incidents from 73 contributors (including the FBI), of which 2,013 were confirmed data breaches. Verizon defines a data breach as a disclosure of data, not just a potential leak.
With security incidents showing no sign of declining, we asked Alex Pinto, head of research for the report, what organizations aren’t learning.
“I think the most fair answer is sometimes it’s not so much that they’re not learning what they should be doing, because most of the recommendations from us would be pretty obvious — you should patch your servers, train your people so they don’t get phished. Getting those things done is the hard part,” he said. “Any of those things can be a multi-year effort for a large organization.”
“We try to give organizations a rough view of the landscape — it looks like in your industry is mostly being attacked by this — so if you want to do something to try to improve your security against the most likely thing that’s going to get you, we give you the cold, hard data … You can use this (report) to better decide on what to prioritize.”
Among the findings:
– 15 per cent of breaches were caused by misuse by authorized users
– 29 per cent of breaches involved stolen credentials
– 56 per cent of breaches took months or longer to discover
– C-level executives are increasingly and proactively targeted by social engineering-related breaches
– compromise of web-based email accounts using stolen credentials (98 per cent) is rising. It was seen in 60 per cent of attacks involving hacking a web application
– one quarter of all breaches are still associated with espionage
– ransomware attacks are still strong, accounting for 24 per cent of the malware incidents analyzed and ranking second in most-used malware varieties
– discovery of cryptomining malware gets a lot of news, but in this report’s sample it accounted for only roughly two per cent of incidents
The report breaks incidents into nine classifications (including crimeware, espionage, insider and privilege misuse, denial of service, payment card skimmers, point of sale intrusions and miscellaneous errors) and applies them across a number of sectors. The idea is to give CISOs in these industries insight into attack patterns and help them plan their defence strategies.
Get a copy of the full report here. Registration required.