Monday, April 20, 2015

9 things retailers need to know about data breaches


Verizon is out with its annual cyber security report and while the findings are disturbing the good news is that retailers can thwart many a breach attempt by focusing on a handful of basic attack patterns.
Verizon's "2015 Data Breach Investigations Report," reveals that cyberattacks are becoming increasingly sophisticated, but many criminals still rely on decades-old techniques such as phishing and hacking. In fact, 70% of cyberattacks use a combination of these techniques and involve a secondary victim which adds complexity to a breach, according to the report.
"We continue to see sizable gaps in how organizations defend themselves," said Mike Denning, vice president of global security for Verizon Enterprise Solutions. "While there is no guarantee against being breached, organizations can greatly manage their risk by becoming more vigilant in covering their bases. This continues to be a main theme, based on more than 10 years of data from our 'Data Breach Investigations Report' series."
This year's report offers an in-depth look at the cybersecurity landscape, including an overview of mobile security, Internet of Things technologies and the financial impact of a breach. One of the key conclusions is that nine basic patterns account for roughly 96% of analyzed security incidents.
Verizon security researchers analyzed 2,100 confirmed data breaches and nearly 80,000 security incidents in the firm’s 2015 Data Breach Investigations Report and identified the following as common sources of attack:
  • Miscellaneous errors, such as sending an email to the wrong person
  • Crimeware (various malware aimed at gaining control of systems)
  • Insider/privilege misuse
  • Physical theft/loss
  • Web app attacks
  • Denial-of-service attacks
  • Cyberespionage 
  • Point-of-sale intrusions
  • Payment card skimmers
As in prior reports, this year's findings pointed out what Verizon researchers call the "detection deficit" – the time that elapses between a breach occurring until it's discovered. Sadly, in 60% of breaches attackers are able to compromise an organization within minutes, according to Verizon.
Naturally, a more vigilant approach to cyber security is good place to start, or channel greater efforts, especially since many defense tactics are readily available. For example, a troubling area singled out in this year's report is that many existing vulnerabilities remain open, primarily because security patches that have long been available were never implemented. In fact, many of the vulnerabilities are traced to 2007 – a gap of almost eight years, according to Verizon.
Other recommendations contained in the report to enhance cybersecurity are focused on; making people the first line of defense, keeping data on a need-to-know basis, patching promptly, encrypting sensitive data, using two-factor authentication and maintaining physical security. Now in its eighth year of publication, the report and additional resources supporting the research are available on the DBIR Resource Center.

No comments:

Post a Comment