Security firm Verizon has proposed using "big data analytics" to enable firms to manage risks and combat cybercrime in their sector more effectively. Findings from the firm's 2014 Data Breach Investigations Report indicated that just three of nine identifiable threat patterns covered an average of 72% of incidents in any given industry in 2013.
"After analysing 10 years of data, we realise most organisations cannot keep up with cybercrime - and the bad guys are winning," said Wade Baker, the report's principal author. "But by applying big data analytics to security risk management, we can begin to bend the curve and combat cybercrime more effectively and strategically."
"Organisations need to realise no one is immune from a data breach. Compounding this issue is the fact that it is taking longer to identify compromises within an organisation - often weeks or months, while penetrating an organisation can take minutes or hours," he said.
Verizon's report identified nine types of threat accounting for 92% of all incidents recorded over a 10-year period. These were denial of service attacks; 'cyber espionage'; the use of malware in an attempt to gain control of systems; misuse of systems and system privileges by employees; payment card skimmers; physical loss or theft; point-of-sale (POS) intrusions; web app attacks; and miscellaneous errors such as sending an email to the wrong person.
Unsurprisingly, some of these threats and techniques were more common in some sectors than others. However, analysis of this year's figures found that just three threats covered the majority of security incidents in any industry. For example, 75% of incidents recorded in the financial services sector came from web application attacks, distributed denial of service (DDoS) and card skimming; while cyber espionage and DDoS were particularly common in the manufacturing sector. Retailers tended to report DDoS attacks, web application attacks and POS intrusions, although the second of these had been trending downward since 2011, Verizon said.
This year's report analysed more than 1,300 confirmed data breaches reported by 50 organisations in 95 countries, as well as more than 63,000 reported security incidents that did not result in a breach. A combined total of 5,900 data breaches have now been recorded over the 10-year range of the research.
According to the report, the use of stolen or misused credentials, such as usernames and passwords, to gain access to information remained the most common type of data breach in 2013. The number of well-publicised data breaches involving the exploitation of weak or stolen passwords showed the importance of strong 'two-factor' authentication, perhaps involving the use of an additional device such as a smartcard or mobile phone, to protect information, Verizon said.
This year's report included analysis of DDoS attacks, common in the financial services, retail, professional, information and public sector industries, for the first time. This type of attack, which typically involves hackers using malware-infected computers to bombard systems with such large amounts of traffic that they cease to function, has increased in frequency each year over the past three years, according to the report.
Although attacks consisting of 'cyber espionage' accounted for a relatively small proportion of the overall number of incidents recorded, Verizon noted a more than three-fold increase, to 511 incidents, when compared to last year's report. Although the increase was partially due to a bigger dataset, the researchers noted that this type of attack tended to be the most complex and diverse. Most of this activity took place in China, as was the case in 2013's report, but more than 20% of incidents also occurred in Eastern Europe, according to the report.