By applying big data analytics to security risk management, we can begin to bend the curve and combat cybercrime more effectively and strategically.
Verizon security researchers, using advanced analytical techniques, have found that 92 percent of the 100,000 security incidents analyzed over the past ten years can be traced to nine basic attack patterns that vary from industry to industry (Fig. 19). This finding, the highlight of Verizon’s“2014 Data Breach Investigations Report,” will enable a more focused and effective approach to fighting cyber threats.
“After analyzing 10 years of data, we realize most organizations cannot keep up with cybercrime – and the bad guys are winning,” said Wade Baker, principal author of the Data Breach Investigations Report series. “But by applying big data analytics to security risk management, we can begin to bend the curve and combat cybercrime more effectively and strategically.”
“Organizations need to realize no one is immune from a data breach. Compounding this issue is the fact that it is taking longer to identify compromises within an organization – often weeks or months, while penetrating an organization can take minutes or hours,” Baker said.
The DBIR identifies the nine threat patterns as: miscellaneous errors such as sending an email to the wrong person; crimeware (various malware aimed at gaining control of systems); insider/privilege misuse; physical theft/loss; Web app attacks; denial of service attacks; cyber espionage; point-of-sale intrusions; and payment card skimmers.
This year’s report found that on average, just three threat patterns cover 72 percent of the security incidents in any industry.
For example, in the financial services sector, 75 percent of the incidents come from Web application attacks, distributed denial of service (DDoS) and card skimming, while 54 percent of all manufacturing attacks are attributed to cyber espionage and DDoS. In the retail sector, the majority attacks are tied to DDoS (33 percent) followed by point-of-sale intrusions (31 percent).