Study: New cyberthreats come in old packages
A Verizon report says that cyberattacks are increasingly sophisticated, but they're still carried out using the same old delivery techniques — phishing and hacking. Will we ever learn?
The Verizon "2015 Data Breach Investigations Report," released Thursday, reveals that cyberattacks are becoming increasingly sophisticated, but that many criminals still rely on decades-old techniques such as phishing and hacking.
According to this year's report, the bulk of the cyberattacks (70 percent) use a combination of these techniques and involve a secondary victim, adding complexity to a breach.
Additionally, the report found that many existing vulnerabilities remain because security patches were never implemented. In fact, many of the vulnerabilities are traced to 2007 — a gap of almost eight years, the report said. The report points out that many cyberattacks could be prevented simply through a more vigilant approach to cybersecurity.
"We continue to see sizable gaps in how organizations defend themselves," said Mike Denning, vice president of global security for Verizon Enterprise Solutions. "While there is no guarantee against being breached, organizations can greatly manage their risk by becoming more vigilant in covering their bases."
It could be worth their while. Verizon's assessment model for gauging the financial impact of a security breach (based on the analysis of nearly 200 cyberliability insurance claims) predicts that the cost of a breach involving 10 million records will fall between $2.1 million and $5.2 million (95 percent of the time), and depending on circumstances could range up to as much as $73.9 million.
For breaches involving 100 million records, the cost will fall between $5 million and $15.6 million (95 percent of the time), and could top out at $199 million.
The report lists nine threat patterns for cyberattacks, including miscellaneous errors, such as sending an email to the wrong person; crimeware (malware intended to gain control of systems); insider/privilege misuse; physical theft/loss; Web app attacks; denial-of-service attacks; cyberespionage; point-of-sale intrusions; and payment card skimmers.
The full report and additional resources are available from the DBIR Resource Center.
Now in its eighth year of publication, the "2015 Data Breach Investigations Report" analyzes more than 2,100 confirmed data breaches and approximately 80,000 reported security incidents in this year's edition alone. The DBIR also includes security incidents that don't result in breaches, in order to offer a better survey of the cybersecurity landscape. Verizon is among 70 global organizations that contributed data and analysis to this year's report.