Welcome!

News Feed Item

Verizon 2014 Data Breach Investigations Report Identifies More Focused, Effective Way to Fight Cyberthreats

Report Finds Nine Basic Patterns Make Up 92 Percent of Security Incidents; No Organization Is Immune From a Data Breach

NEW YORK, April 23, 2014 /PRNewswire/ -- Verizon security researchers, using advanced analytical techniques, have found that 92 percent of the 100,000 security incidents analyzed over the past ten years can be traced to nine basic attack patterns that vary from industry to industry. This finding, the highlight of Verizon's "2014 Data Breach Investigations Report," will enable a more focused and effective approach to fighting cyberthreats.

"After analyzing 10 years of data, we realize most organizations cannot keep up with cybercrime – and the bad guys are winning," said Wade Baker, principal author of the Data Breach Investigations Report series. "But by applying big data analytics to security risk management, we can begin to bend the curve and combat cybercrime more effectively and strategically.

"Organizations need to realize no one is immune from a data breach. Compounding this issue is the fact that it is taking longer to identify compromises within an organization – often weeks or months, while penetrating an organization can take minutes or hours," Baker said.

The DBIR identifies the nine threat patterns as: miscellaneous errors such as sending an email to the wrong person; crimeware (various malware aimed at gaining control of systems); insider/privilege misuse; physical theft/loss; Web app attacks; denial of service attacks; cyberespionage; point-of-sale intrusions; and payment card skimmers.  

This year's report found that on average, just three threat patterns cover 72 percent of the security incidents in any industry.

For example, in the financial services sector, 75 percent of the incidents come from Web application attacks, distributed denial of service (DDoS) and card skimming, while 54 percent of all manufacturing attacks are attributed to cyberespionage and DDoS. In the retail sector, the majority of attacks are tied to DDoS (33 percent) followed by point-of-sale intrusions (31 percent).

2014 Data Breach Investigations Report Offers New Insights into Cybercrime

Other key findings in the report include:  

  • Cyberespionage is up again in the 2014 report, representing a more than three-fold increase compared with the 2013 report, with 511 incidents. (This is partially due to a bigger dataset.) In addition, these attacks were found to be the most complex and diverse, with a long list of threat patterns. As it did last year, China still leads as the site of the most cyberespionage activity; but the other regions of the world are represented, including Eastern Europe with more than 20 percent.
  • For the first time, the report examines distributed denial of service attacks, which are attacks intended to compromise the availability of networks and systems so that, for example, a website is rendered useless. They are common to the financial services, retail, professional, information and public sector industries. The report points out that DDoS attacks have grown stronger year-over-year for the past three years. 
  • The use of stolen and/or misused credentials (user name/passwords) continues to be the No. 1 way to gain access to information. Two out of three breaches exploit weak or stolen passwords, making a case for strong two-factor authentication.
  • Retail point-of-sale (POS) attacks continue to trend downward, exhibiting the same trend since 2011. Industries commonly hit by POS intrusions are restaurants, hotels, grocery stores and other brick-and-mortar retailers, where intruders attempt to capture payment card data. While POS breaches have been in the headlines lately, they are not indicative of the actual picture of cybercrime.
  • While external attacks still outweigh insider attacks, insider attacks are up, especially with regard to stolen intellectual property. The report points out that 85 percent of insider and privilege-abuse attacks used the corporate LAN, and 22 percent took advantage of physical access.

(NOTE:  Additional resources supporting the "2014 Data Breach Investigations Report" are available, including high-resolution charts. B-roll available upon request.)

Now in its seventh year of publication, the 2014 data breach report analyzes more than 1,300 confirmed data breaches as well as more than 63,000 reported security incidents. For the first time, the DBIR includes security incidents that don't result in breaches, in order to gain a better understanding of the cybersecurity landscape. Over the entire 10-year range of this study, the tally of data breaches now exceeds 5,900. Verizon is among 50 organizations from around the world that contributed data and analysis to this year's report. 

"This year's report offers unparalleled perspective into the world of cybercrime, based on big data analysis," said Eddie Schwartz, vice president of global cybersecurity and consulting solutions at Verizon Enterprise Solutions. "The 2014 DBIR will advance how we approach cyberthreats as an industry and through our intelligence-gathering enable enterprise organizations to more strategically determine their best defense."

Download the Report

The 2014 report can be downloaded in full at:  http://www.verizonenterprise.com/DBIR/2014/.

Verizon Delivers Unparalleled Managed Security Services

Verizon is a leader in delivering global managed security solutions to enterprises in the financial services, retail, government, technology, healthcare, manufacturing, energy and transportations sectors. Verizon combines powerful intelligence and analytics with an expansive breadth of professional and managed services, including customizable advanced security operations and managed threat protection services, next-generation commercial technology monitoring and analytics, rapid incident response and forensics investigations and identity management. Verizon brings the strength and expert knowledge of more than 550 consultants across the globe to proactively reduce security threats and lower information risks to organizations. 

For more information, visit us at http://www.verizonenterprise.com/solutions/security/.

For ongoing security insight and analysis from some of the world's most distinguished security researchers, read the Verizon Security Blog.

Verizon Enterprise Solutions creates global connections that generate growth, drive business innovation and move society forward.  With industry-specific solutions and a full range of global wholesale offerings provided over the company's secure mobility, cloud, strategic networking and advanced communications platforms, Verizon Enterprise Solutions helps open new opportunities around the world for innovation, investment and business transformation.  Visit www.verizonenterprise.com to learn more.

Verizon Communications Inc. (NYSE, Nasdaq: VZ), headquartered in New York, is a global leader in delivering broadband and other wireless and wireline communications services to consumer, business, government and wholesale customers. Verizon Wireless operates America's most reliable wireless network, with nearly 103 million retail connections nationwide. Verizon also provides converged communications, information and entertainment services over America's most advanced fiber-optic network, and delivers integrated business solutions to customers in more than 150 countries. A Dow 30 company with more than $120 billion in 2013 revenues, Verizon employs a diverse workforce of 176,800. For more information, visit www.verizon.com.

Verizon Enterprise Solutions Online News Center: News releases, blog posts, media contacts and other information are available in Verizon Enterprise Solutions' online News Center at http://www.verizonenterprise.com/about/news. News from Verizon Enterprise Solutions is also available through an RSS feed at http://www.verizonenterprise.com/rss-options/.

SOURCE Verizon

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
"Software-defined storage is a big problem in this industry because so many people have different definitions as they see fit to use it," stated Peter McCallum, VP of Datacenter Solutions at FalconStor Software, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
The cloud competition for database hosts is fierce. How do you evaluate a cloud provider for your database platform? In his session at 18th Cloud Expo, Chris Presley, a Solutions Architect at Pythian, gave users a checklist of considerations when choosing a provider. Chris Presley is a Solutions Architect at Pythian. He loves order – making him a premier Microsoft SQL Server expert. Not only has he programmed and administered SQL Server, but he has also shared his expertise and passion with b...
"Operations is sort of the maturation of cloud utilization and the move to the cloud," explained Steve Anderson, Product Manager for BMC’s Cloud Lifecycle Management, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
We're entering the post-smartphone era, where wearable gadgets from watches and fitness bands to glasses and health aids will power the next technological revolution. With mass adoption of wearable devices comes a new data ecosystem that must be protected. Wearables open new pathways that facilitate the tracking, sharing and storing of consumers’ personal health, location and daily activity data. Consumers have some idea of the data these devices capture, but most don’t realize how revealing and...
Unless your company can spend a lot of money on new technology, re-engineering your environment and hiring a comprehensive cybersecurity team, you will most likely move to the cloud or seek external service partnerships. In his session at 18th Cloud Expo, Darren Guccione, CEO of Keeper Security, revealed what you need to know when it comes to encryption in the cloud.
What are the successful IoT innovations from emerging markets? What are the unique challenges and opportunities from these markets? How did the constraints in connectivity among others lead to groundbreaking insights? In her session at @ThingsExpo, Carmen Feliciano, a Principal at AMDG, will answer all these questions and share how you can apply IoT best practices and frameworks from the emerging markets to your own business.
Ask someone to architect an Internet of Things (IoT) solution and you are guaranteed to see a reference to the cloud. This would lead you to believe that IoT requires the cloud to exist. However, there are many IoT use cases where the cloud is not feasible or desirable. In his session at @ThingsExpo, Dave McCarthy, Director of Products at Bsquare Corporation, will discuss the strategies that exist to extend intelligence directly to IoT devices and sensors, freeing them from the constraints of ...
You think you know what’s in your data. But do you? Most organizations are now aware of the business intelligence represented by their data. Data science stands to take this to a level you never thought of – literally. The techniques of data science, when used with the capabilities of Big Data technologies, can make connections you had not yet imagined, helping you discover new insights and ask new questions of your data. In his session at @ThingsExpo, Sarbjit Sarkaria, data science team lead ...
SYS-CON Events announced today the Kubernetes and Google Container Engine Workshop, being held November 3, 2016, in conjunction with @DevOpsSummit at 19th Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA. This workshop led by Sebastian Scheele introduces participants to Kubernetes and Google Container Engine (GKE). Through a combination of instructor-led presentations, demonstrations, and hands-on labs, students learn the key concepts and practices for deploying and maintainin...
Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases. In his general session at @ThingsExpo, Dave McCarthy, Director of Products...
Cloud analytics is dramatically altering business intelligence. Some businesses will capitalize on these promising new technologies and gain key insights that’ll help them gain competitive advantage. And others won’t. Whether you’re a business leader, an IT manager, or an analyst, we want to help you and the people you need to influence with a free copy of “Cloud Analytics for Dummies,” the essential guide to this explosive new space for business intelligence.
Traditional IT, great for stable systems of record, is struggling to cope with newer, agile systems of engagement requirements coming straight from the business. In his session at 18th Cloud Expo, William Morrish, General Manager of Product Sales at Interoute, outlined ways of exploiting new architectures to enable both systems and building them to support your existing platforms, with an eye for the future. Technologies such as Docker and the hyper-convergence of computing, networking and sto...
WebRTC is bringing significant change to the communications landscape that will bridge the worlds of web and telephony, making the Internet the new standard for communications. Cloud9 took the road less traveled and used WebRTC to create a downloadable enterprise-grade communications platform that is changing the communication dynamic in the financial sector. In his session at @ThingsExpo, Leo Papadopoulos, CTO of Cloud9, discussed the importance of WebRTC and how it enables companies to focus...
With an estimated 50 billion devices connected to the Internet by 2020, several industries will begin to expand their capabilities for retaining end point data at the edge to better utilize the range of data types and sheer volume of M2M data generated by the Internet of Things. In his session at @ThingsExpo, Don DeLoach, CEO and President of Infobright, discussed the infrastructures businesses will need to implement to handle this explosion of data by providing specific use cases for filterin...
IoT generates lots of temporal data. But how do you unlock its value? You need to discover patterns that are repeatable in vast quantities of data, understand their meaning, and implement scalable monitoring across multiple data streams in order to monetize the discoveries and insights. Motif discovery and deep learning platforms are emerging to visualize sensor data, to search for patterns and to build application that can monitor real time streams efficiently. In his session at @ThingsExpo, ...