Some 92% of the 100,000 security incidents analyzed over the past ten years can be traced to nine basic attack patterns that vary from industry to industry.
This finding is part of Verizon’s 2014 Data Breach Investigations Report, which asserts that the industry needs a more focused and effective way to fight cyber threats.
“After analyzing 10 years of data, we realize most organizations cannot keep up with cybercrime – and the bad guys are winning,” said Wade Baker, principal author of the Data Breach Investigations Report series. “But by applying big data analytics to security risk management, we can begin to bend the curve and combat cybercrime more effectively and strategically.
“Organizations need to realize no-one is immune from a data breach. Compounding this issue is the fact that it is taking longer to identify compromises within an organization – often weeks or months, while penetrating an organization can take minutes or hours,” Baker said.
The report identifies the nine threat patterns as: miscellaneous errors such as sending an email to the wrong person; crimeware (various malware aimed at gaining control of systems); insider/privilege misuse; physical theft/loss; Web app attacks; denial of service attacks; cyber espionage; point-of-sale intrusions; and payment card skimmers.
This year’s report found that on average, just three threat patterns cover 72% of the security incidents in any industry.
For example, in the financial services sector, 75% of the incidents come from Web application attacks, distributed denial of service (DDoS) and card skimming, while 54% of all manufacturing attacks are attributed to cyberespionage and DDoS. In the retail sector, the majority attacks are tied to DDoS (33%) followed by point-of-sale intrusions (31%).