Thursday, 22 August 2013

Attack techniques by the numbers


Verizon released its 2013 Data Breach Investigations Report (DBIR), which offers security pros a guide to the most persistent threats and where attention should be focused to defend against them.

The report used data obtained from breach investigations that Verizon and other organisations performed during 2012. The data includes a total of 621 confirmed data breaches and over 47,000 security incidents from around the world.

According to the report, 52% of the data loss incidents it examined were the result of some form of hacking.

The report considered more than 40 attack techniques (some incidents used more than one), but the majority came from just 5 categories, which shows hacker preferences. Of the 52% of breaches that involved hacking, 80% involved guessing, cracking, or reusing valid credentials.

Types of attack can vary depending on the size of the company. Small companies tend to get more "brute force" attacks on authentication while larger companies have more issues with stolen credentials.

The best way to tackle these forms of attack is to move to multi-factor authentication, but it isn't always the safest solution, and Verizon also notes that password issues are not an easy problem to fix. Policies for proper password lengths and complexities are vital and can help reduce the risk. We wrote about passwords in a previous post and how you can make them more secure; you can find it here.

When discussing the importance of information security, it's important to remember that anyone can be a target. You've probably heard excuses like "we're too small to be a target" or "we don't have anything of value", but if there is anything the Verizon report shows us, it is that breaches can and do occur in organizations of all sizes in all types of industries.

Profit drives several breaches, especially in the finance, retail, and food-services sectors, but attackers also target industries that possess assets in the form of property, such as manufacturing and professional services.

Below is a list of attack techniques listed by the overall.

Figure: By the Numbers: Attack Techniques by Verizon

The report contains a lot of information that paints a clear picture of the motives and techniques used by attackers to compromise their target organizations. It's an interesting read and there are many lessons that can be found within. You can download the report here.

About the Author:
Julian writes for Firebrand Training on a number of IT-related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Julian is the company's Digital Marketer.