Verizon 2014 data breach investigations report preview

At the recent RSA conference Verizon shared a brief preview of their upcoming 2014 Data Breach Investigations report;


Basically, the long and short of it is that attackers are getting better and quicker, with 75% (or more) of attacks succeeding within days or less, and only 25% (or less) of the time do organisations discover the attack within a similar timeframe.

So attackers are getting into our networks very quickly and successfully, and we are still in general very bad at discovering the compromises until it is far too late.

This looks like a continuation of some of last year's key messages: you will be breached, networks are so complex and porous, and applications are still so very vulnerable. Detection is key: having the ability to quickly spot, and act on, indicators of compromise (IOC). Security must improve its detective and response capabilities;

Cyber criminals keep getting better at what they do, and security is failing to keep pace.

What are your thoughts, how can we improve the situation?

One thing I often wonder about is the role of security in not only keeping up with the threat landscape and how to prevent (well, reduce the likelihood of) breaches, and to ensure they are discovered, but to also communicate this to the wider IT and business teams.

How do we get the wider business and IT community to ‘get that security cannot be an afterthought’?

Across multiple different roles, much of my life seems to have been filled up with debates about what the minimum security requirements are, and what has to be done to scrape through regulatory audits. The discussion should focus on what needs to be done to protect the data in our care. Have you successfully moved this discussion on and changed a business's culture to be focussed on how to deliver securely?

Some upcoming posts will cover both thoughts on how to deal with the evolving advanced threat landscape and advanced attacks, and also ways we can get security to have the right priority and focus – we don’t have to just deliver, we can deliver securely!


RSA’s First UK Data Security Summit – part 2: Verizon Data Breach Report 2013

The Verizon Data Breach Report 2013 was publicly released on Tuesday (23rd April).  We were given a world preview and initial review, with the headline of critical findings for business, as one of the key talks during the RSA UK Data Security Summit.

The report can be downloaded from here;

How as an organisation can we better understand our threat landscape?

Who gets attacked?

Everyone – no one is immune;

  • Finance companies account for 34% of attacks
  • Attacks occur across all verticals and all business sizes
  • We are subject to continuous, non-stop attacks
  • 19% of all attacks investigated appear to be state sponsored espionage – this also impacts companies of all sizes!

Who are the attackers?

  • Activists – maximise disruption / cause embarrassment etc.
    • basic, opportunistic, sheer numbers
  • Criminals – financial gain – PII, card details, proprietary business data
    • More calculated and complex, but still often opportunistic, trade information for cash
  • Spies – get exactly what they want – will stick at it until they get what they want, much more so than the first two.
    • most sophisticated tools (often), most targeted attacks, relentless

What to worry about (what are the trends)?

  • Same as last year's
  • 75% of breaches – financial motives
  • 95% of espionage used phishing!
  • Don’t ignore well established threats

What do they target (assets)?

  • Desktops 25%, file servers 22%, laptops 22%
  • Unapproved hardware accounts for 43% of misuse cases
  • BYOD / consumerisation has had little impact on the figures so far (maybe due to report being US centric?)

Many data breaches have an unintentional element – many attacks focus on perhaps less trained / savvy staff – 46% originated through call centre staff

69% of breaches were spotted by a third party (9% were customers)

  • most breaches still not spotted by breached company despite all the log data etc in the company.

Minimal time to attack – in 84% of cases the time from attack to compromised data was hours or less. ~20% took minutes or less!

  • How quickly can you react, how quickly can you find the breach?
  • In 66% of cases breaches took months or even years to be discovered! How much data could be stolen in this time, what could they find out, what would the reputational damage be?
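Measuring the same gap on your own incident records, as an added example that is not part of the original post or of the Verizon report. The record fields, bucket boundaries and sample incidents are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records (not report data); field names are assumptions.
INCIDENTS = [
    {"attack": "2013-01-05 09:00", "compromise": "2013-01-05 09:20",
     "discovered": "2013-04-18 14:00", "found_by": "third_party"},
    {"attack": "2013-02-10 22:00", "compromise": "2013-02-11 03:00",
     "discovered": "2013-02-12 10:00", "found_by": "internal"},
    {"attack": "2013-03-01 08:00", "compromise": "2013-03-04 08:00",
     "discovered": "2013-09-20 08:00", "found_by": "customer"},
    {"attack": "2013-03-15 12:00", "compromise": "2013-03-15 12:45",
     "discovered": "2013-03-29 12:45", "found_by": "third_party"},
]

# Upper bound of each timespan bucket (assumed boundaries); longer is "months+".
BUCKETS = [("minutes", timedelta(hours=1)), ("hours", timedelta(days=1)),
           ("days", timedelta(weeks=1)), ("weeks", timedelta(days=30))]


def bucket(start, end):
    """Classify the span between two 'YYYY-MM-DD HH:MM' timestamps."""
    fmt = "%Y-%m-%d %H:%M"
    delta = datetime.strptime(end, fmt) - datetime.strptime(start, fmt)
    if delta < timedelta(0):
        # A discovery before the compromise means the record itself is wrong.
        raise ValueError(f"timeline out of order: {start} -> {end}")
    return next((name for name, limit in BUCKETS if delta < limit), "months+")


def timeline_metrics(incidents):
    """Compare how fast data was compromised with how fast the breach was found."""
    n = len(incidents)
    compromise = Counter(bucket(i["attack"], i["compromise"]) for i in incidents)
    discovery = Counter(bucket(i["compromise"], i["discovered"]) for i in incidents)
    found_by = Counter(i["found_by"] for i in incidents)
    return {
        "compromise_hours_or_less": (compromise["minutes"] + compromise["hours"]) / n,
        "discovery_months_or_more": discovery["months+"] / n,
        "found_externally": (n - found_by["internal"]) / n,
        "discovery_buckets": dict(discovery),
    }


if __name__ == "__main__":
    for key, value in timeline_metrics(INCIDENTS).items():
        print(f"{key}: {value}")
```

Tracking these figures per quarter shows whether detection is actually closing the gap on compromise time, and how often someone outside the organisation is still the one who notices.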

Most organisations are a target because of what they do;

  • What do you do, and who wants your data?
  • Investigate profiling threat actors.


  • Make security company wide
  • Create better, faster detection – people, process, technology
  • Don’t underestimate tenacity
  • Understand threat landscape

Security awareness training is still key!

So overall, despite the evolving threat landscape, in many ways little has changed. However, this report is definitely worth a read, and the inclusion of state actors in addition to criminals and activists / hacktivists keeps it relevant and in line with reality.