Wednesday, 15 February 2017 08:45

Verizon Data Breach Digest 2017 – Perspective is reality

By Ray Shaw

Verizon’s annual Data Breach Investigations Report (DBIR) and the companion Data Breach Digest are among the most anticipated reports each year for their integrity, depth, scientific rigor and insights.

Verizon is not only the largest US telco; its network infrastructure also allows it to draw on data from more than 82 countries and 67 contributors, including the Australian Federal Police. In Australia it has data centres and provides enterprise- and government-level network support.

The 85-page investigations report is here and the digest is online here. A related blog post states that “Data breaches are complex affairs often involving some combination of human factors, hardware devices, exploited configurations or malicious software. As can be expected, data breach response activities — investigation, containment, eradication, notification, and recovery — are proportionately complex.”

These response activities, and the lingering post-breach after-effects, aren’t just an IT security problem; they’re an enterprise problem involving Legal Counsel, Human Resources, Corporate Communications and other Incident Response (IR) stakeholders. Each of these stakeholders brings a slightly different perspective to the breach response effort.

Verizon says its DBIR is the annual publication on security. The Data Breach Digest (DBD) complements and supplements the DBIR by bringing data breaches to life through narratives told by breach responders. So, use the DBIR to frame your argument for enterprise change; use the DBD to illustrate why such change is needed.

Carrying forward from last year, Verizon has come to realise that these data breach scenarios aren’t so much about threat actors, or even about the vulnerabilities they exploited, but more about the situations in which the victim organisations and their IR stakeholders find themselves.

Knowing which incident patterns affect your industry more often than others do provides a building block for allocating cybersecurity resources.

It has identified nine incident patterns:

  1. Insider and privilege misuse – trusted actors leveraging logical and/or physical access in an inappropriate or malicious manner.
  2. Cyber-espionage – targeted attacks from external actors hunting for sensitive internal data and trade secrets.
  3. Web application attacks – web-application-related stolen credentials or vulnerability exploits.
  4. Crimeware – malware incidents, typically opportunistic and financially motivated in nature (e.g., banking Trojans, ransomware).
  5. Point-of-sale (POS) Intrusions – attacks on POS environments leading to payment card data disclosure.
  6. Denial of service (DoS) Attacks – non-breach-related attacks affecting business operations.
  7. Payment card skimmers – physical tampering of ATMs and fuel pump terminals.
  8. Physical theft and loss – physical loss or theft of data or IT-related assets.
  9. Miscellaneous errors – an error directly causing data loss.

But in reality, data breaches fall into four “clustered groupings”:

  1. The human element – four scenarios highlighting human-related threat actors or targeted victims.
  2. Conduit devices – four scenarios covering device misuse or tampering.
  3. Configuration exploitation – four scenarios focusing on reconfigured or misconfigured settings.
  4. Malicious software – four scenarios centering on sophisticated or special-purpose illicit software.

[Image: Verizon DBR four clusters]

The IR (incident response) stakeholders are much wider than many think. Verizon has identified at least 16 groups.

[Images: Verizon DBR stakeholders 1 and 2]

The report then goes into most aspects of incident types and what the stakeholders have learned.


Ray Shaw


Ray Shaw (ray@im.com.au) has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT-based radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!
