Data Breach Investigations Report – some things, unfortunately, don’t change.SecurEnvoy 30/04/2018, Security
Verizon’s annual Data Breach Investigations Report has just been released in its 10th edition and it makes for interesting reading for anyone with an interest in keeping their data safe.
Analysing over 43,000 attempted breaches - or “incidents” - throughout 2017, it gives a clear commentary on the state of the security landscape and the principal areas to consider for those wanting to stay ahead of their would-be attackers.
While the report doesn’t really throw up any surprises, it brings to attention several persistent and salient points that we talk about regularly with prospective and existing clients and which are worth reiterating here:
1: It’s not if, but when you’ll get attacked
While there were inevitably some business sectors that attracted more attacks than others - retail and healthcare being particularly high on the ‘at-risk’ list - it’s fair to say that hackers really aren’t picky about who they target: Every sector imaginable – from agriculture through to utilities - was targeted in some way or another, with a full 58% of incidents hitting small companies.
2: Web applications are a huge potential gateway into your systems
The rise of the web application is inevitable in the current IT environment. Businesses are increasingly putting their CRM, their accounting software and their fileservers in the cloud, but it seems that companies aren’t evolving their security in line with their IT environment. Despite being the target of “just” 9% of attempted incidents, web apps were a feature of 18% of successful breaches – demonstrating they’re a real potential weak point in many companies’ network security.
3: People remain a big cause for concern
It will come as no surprise to many readers that staff, either deliberately or in error, are a major cause of security breaches across all sectors and across different breach types. Whether due to lost devices, clicking on a phishing email or misused access rights, over a quarter of all breaches recorded in the report involved an internal actor in some way.
It’s fair to say that a major frustration of IT security professionals is the ability of some end users to find trouble. Statistics like the above underline the need to treat the threat from staff actions more seriously, to restrict users’ access only to the data they need, and take steps to ensure lost laptops and phones don’t lead to bigger problems.
4: Uncovering a breach can take months
A staggering 68% of the incidents recorded in the DBIR took a month or more to come to light. That’s quite a time for a malicious code or unauthorised individuals to roam your network, stealing, copying or destroying information as they do so. That, in turn, can lead to system failure, financial loss or reputational damage, any of which could jeopardise your entire business.
All of this makes for bleak reading, but perhaps the most depressing takeaway for us in the industry is how lessons don’t appear to be being learned, and how easily a lot of breaches could be prevented, IF businesses acted responsibly. Look back at past reports and you’ll see a depressing trend:
In EVERY report in the last 10 years, Verizon has explicitly recommended use of Multifactor Authentication as a fast and effective means of preventing data breaches, and yet each year, the same reports highlight the same gaps in companies’ defences.
It should be a no-brainer: MFA is probably the one easiest and most cost-effective step you can take to make your business noticeably more secure: It achieves so much more than simply bolstering the strength of your users’ login credentials, and goes a long way to preventing a wide range of breaches:
- >Lost or stolen devices no longer pose a risk to the wider system, as without the second factor, access will be denied
- > The effectiveness of phishing attacks is dramatically reduced as keyword loggers are unable to record and replicate an MFA login, while credentials theft is rendered useless by one-time passcodes
- > Customisable access levels enable you to restrict lateral movement, preventing any rogue employee from gaining access to areas or information they don’t need to. They also prevent lateral movement through the system should any user’s basic access level be compromised.
- > Admin dashboards give full visibility of the trusted devices on your network as well as failed and successful access attempts and more, giving early warning of any suspicious activity.
The team here at SecurEnvoy have worked with clients of all sizes, in a diverse range of industries to implement robust MFA security that protects them from the threats highlighted above, as well as many others. If you’d like to understand how easily you can bolster your systems security, drop us a line at firstname.lastname@example.org.
For further reading, you can download the full Verizon DBIR 2018 report here.