Espionage outpacing financial crime as better reporting improves security picture: Verizon

Growing data sharing between security and law-enforcement organisations may be improving visibility of the global cybercrime risk, but many Asia-Pacific region companies continue to jeopardise their data with lax security, senior Verizon security executives have warned on the release of the company's latest comprehensive security report.

Fully 88 percent of the 63,347 incidents reported in 2013 – and covered in the company's latest Data Breach Investigations Report (DBIR) – fall into nine specific categories, APAC regional managing principal Paul Black told CSO Australia, with a surge in the number of data sources reflecting the increasingly collaborative nature of the fight against cybercrime.

"This year was a big step forward," Black explained, noting that the DBIR – a widely referenced report that has become a key reference for the security industry – has jumped from just five organisations in 2012 and 18 last year, to encompass information from some 50 contributing organisations.

That had not only provided new insight into a broader range of attacks, but had given Verizon enough of a high-level view that it has been able to categorise the security attacks into broad categories including denial of service (DoS), crimeware, Web applications, cyber espionage, insider misuse, miscellaneous errors, card skimmers and theft/loss.

Particular industries were more vulnerable to particular types of attacks: for example, healthcare organisations were the most highly represented in the theft/loss category, while management companies dominated the DoS space and mining companies were most likely to fall victim to espionage attacks.

"The data seems to suggest that highly repetitive and mundane business processes are particularly prone to errors," the report's authors concluded. "Misdelivery is the error that we see the most....A mundane blunder, but one that very often exposes data to unauthorized parties."

The DBIR data include specifics about 1361 confirmed data breaches across 95 countries, up from 27 countries in last year's report – providing "a more realistic representation of the threats out there," added Verizon network architect Aaron Sharp.

Interestingly, the figures showed a "downward trend" in financially motivated crimes, which the report attributed to "a distorted picture of data breaches" caused by unfocused media coverage, while espionage "is on the up", Black said, "and continues to do so year on year."

In many cases, he added, companies were proving to be their own worst enemies as staff proved to be susceptible to social engineering and poor internal security practices left many Asia-Pacific organisations exposed to security attacks.

Poor passwords, for example, were frequently found in many of the organisations where Verizon's own security team had been engaged.

"It's staggering the number of situations companies find themselves in," said Black, noting that numerous Asia-Pacific companies were found to be using passwords like 1234 "across every system in the organisation."

"This is the reality of what we've walked into," he said. "It feels like a conversation we have every year despite the best efforts of everyone. The exploitation of stolen credentials continues to be an issue; we see this as a massive issue around identity management, and a challenge for organisations because of the macro trends in industry around mobility and cloud."

Efforts to secure those environments were continuing to expose weaknesses in companies' security infrastructure, Sharp added, noting that companies "are not just having to manage those credentials, but having to get some control over those credentials."

There were some positives in the report, with the time between a breach happening and its being detected reducing over time – although it is still "a lot longer on average than the security people out there would like," he said.

Shortening the detection timeframe will require a massive effort on the part of the corporate world, but better information is a key part of informing that transformation as the industry recovers from serious attacks like the recent Heartbleed vulnerability.

"One of the motivators behind the DBIR in the first place is to provide some real evidence to the community," Sharp explained. "When I go to talk with customers' security organisations, I have seen security being taken increasingly seriously – and being taken up to the board level. Every circumstance is different, but we hope this information will be useful in helping security people prioritise their security spend."
