Verizon recently released its 2016 Data Breach Investigations Report (“DBIR”) that outlines cybersecurity threats, vulnerabilities, and trends from 2015.  Verizon, with the assistance of more than 60 contributors, analyzed over 64,000 information security incidents (security events that affect the integrity of an information system) and 2,200 data breaches (incidents that result in the “confirmed disclosure of data to an unauthorized party”) affecting organizations in 82 countries. Items of particular interest in this year’s report include among others:  (1) an analysis of attacks by industry; (2) an increase in breach discovery time; and (3) a list of the most prevalent attacks or types of threats.  A brief description of each of these items follows.

Attacks by Industry

The majority of cyberattacks in 2015 targeted the financial services, accommodation, healthcare, information, and retail industries, along with the public sector.  The targeting of the financial services, accommodation, and retail industries corresponds with Verizon’s finding that monetary gain is the primary motive for attacks (75% of reported attacks appear to have been financially motivated).  Also, while attackers generally did not target their victims based on an organization’s size, organizations with fewer than 1,000 employees in the accommodation and retail sectors suffered more breaches than their larger competitors.

Increase in Breach Discovery Time

For more than 80% of the breaches analyzed in 2015, multiple days passed before a victim detected the compromise; the time it takes for an attack is shrinking and “is almost always days or less, if not minutes or less.”  Verizon attributes the increase in time to detect the attacker largely to improved phishing campaigns and other sophisticated methods that allow attackers to compromise networks and exfiltrate data before being detected.  In contrast, as an indication of success in identifying attacks, the report notes that the number of long-term breaches — those that can last for months — have slightly declined.

Most Prevalent Attacks in 2015

The DBIR categorizes more than 90% of all the incidents and data breaches into nine types of attacks or threats.  Listed below are these categories in order from the most to least prevalent for data breaches:

  • Web App Attacks: The use of compromised websites, web-based applications, and web services to gain access and obtain data — 5,334 total incidents of which 908 involved the disclosure of data.
  • Point-of-Sale Intrusions: Remote attacks against retail transactions requiring a card — 534 total incidents of which 525 involved the disclosure of data.
  • Miscellaneous Errors: Unintentional actions that compromise data, including internal mis-delivery and disposal errors —  11,347 total incidents of which 197 involved the disclosure of data.
  • Privilege Misuse: Unapproved or malicious use of elevated access by members of an organization to gather and exfiltrate data — 10,490 total incidents of which 172 involved the disclosure of data.
  • Cyber-espionage: Persistent, unauthorized network or system access by state-backed actors for espionage purposes — 247 total incidents of which 155 involved the disclosure of data.
  • Payment Card Skimmers: Physical implant of a device that reads magnetic stripe data from payment cards — 102 total incidents of which 86 involved the disclosure of data.
  • Physical Theft and Loss: The loss or malicious theft of data or information systems (i.e. encrypted laptop) — 9,701 total incidents of which 56 involved the disclosure of data.
  • Crimeware: Various forms of malware (e.g., primarily keyloggers and ransomware) that are injected via email attachments or links by criminal organizations or individuals with a financial motive — 7,951 total incidents of which 49 involved the disclosure of data.
  • Denial-of-Service Attacks: Actions intended to overwhelm and compromise networks over a period of time, resulting in the interruption or degradation of service — 9,630 total incidents of which only 1 involved the disclosure of data.
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Ashden Fein Ashden Fein

Ashden Fein is a vice chair of the firm’s global Cybersecurity practice. He advises clients on cybersecurity and national security matters, including crisis management and incident response, risk management and governance, government and internal investigations, and regulatory compliance.

For cybersecurity matters, Ashden counsels clients…

Ashden Fein is a vice chair of the firm’s global Cybersecurity practice. He advises clients on cybersecurity and national security matters, including crisis management and incident response, risk management and governance, government and internal investigations, and regulatory compliance.

For cybersecurity matters, Ashden counsels clients on preparing for and responding to cyber-based attacks, assessing security controls and practices for the protection of data and systems, developing and implementing cybersecurity risk management and governance programs, and complying with federal and state regulatory requirements. Ashden frequently supports clients as the lead investigator and crisis manager for global cyber and data security incidents, including data breaches involving personal data, advanced persistent threats targeting intellectual property across industries, state-sponsored theft of sensitive U.S. government information, extortion and ransomware, and destructive attacks.

Additionally, Ashden assists clients from across industries with leading internal investigations and responding to government inquiries related to the U.S. national security and insider risks. He also advises aerospace, defense, and intelligence contractors on security compliance under U.S. national security laws and regulations including, among others, the National Industrial Security Program (NISPOM), U.S. government cybersecurity regulations, FedRAMP, and requirements related to supply chain security.

Before joining Covington, Ashden served on active duty in the U.S. Army as a Military Intelligence officer and prosecutor specializing in cybercrime and national security investigations and prosecutions — to include serving as the lead trial lawyer in the prosecution of Private Chelsea (Bradley) Manning for the unlawful disclosure of classified information to Wikileaks.

Ashden currently serves as a Judge Advocate in the
U.S. Army Reserve.