Welcome!

Wireless Authors: Yeshim Deniz, John Gentry, Shelly Palmer, Liz McMillan, RealWire News Distribution

Related Topics: Virtualization, Wireless, SOA & WOA, Cloud Expo, Security, SDN Journal

Virtualization: Blog Feed Post

Targets of Opportunity

Overall, the report covers 47,000 reported security incidents

…Is one of the findings in #Verizon’s 2013 Data Breach Investigations Report, which is chuck full of interesting data.  75% of the attack victims were selected because they had a weakness that an attacker knew how to exploit rather than being specifically chosen.  The difficulty of the initial compromise was low for 68% of the breaches meaning the attackers used basic methods or automated tools and scripts.  It also means that there are sloppy configurations, needless services and exposed vulnerabilities that are bringing this attention.

Overall, the report covers 47,000 reported security incidents, of which, there were 621 confirmed data breaches.  This is important since they focus on the 621 confirmed data loss incidents rather than the 47,000 reports.  There will probably be a ton of articles reporting the results but a good place to start is securosis.com with their How to Use the 2013 Verizon Data Breach Investigations Report.  This is a great primer for the document.

There is a pretty even distribution of industries hit from financial to retail and restaurants to manufacturing, transportation and utilities to government and defense contractors.  The overwhelming majority of attacks are perpetrated by outsiders at 92% of the confirmed data breaches with insiders at 14%.  Interestingly, for all reports (the 47,000 not just the 621 confirmed) insiders accounted for 69% of the incidents.  Typically this was due to carelessness rather than criminal misuse.  76% of the network intrusions exploited weak or stolen credentials and most often, the attack was driven by financial motives at 75%.

Some other interesting data for me was that 66% of the breaches remained undiscovered for months or more and 69% of those were discovered by outside entities.  So organizations are in the dark about their intrusions, and it takes an outsider to point it out.  It’s like those people who drive away with the gas hose still hooked to their tank.

I was also curious about breaches as a result of BYOD.  Not many.  In 2011 they only saw 1 breach that involved personally owned devices and only a couple more in 2012.  They will keep watching and do expect that it may increase but for now, so far so good.  Could be because while BYOD is a hot topic, most surveys indicate that only around half the organizations are digging in.

There is a ton more valuable data in the report and it is an easy, fun read for 63 pages of stats.  Right on page 2 they say, ‘Some organizations will be a target regardless of what they do, but most become a target because of what they do.  If your organization is indeed a target of choice, understand as much as you can about what your opponent is likely to do and how far they are willing to go.’  Put it on your list.

ps

Related:

Connect with Peter: Connect with F5:
o_linkedin[1] o_twitter[1] o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]


Read the original blog entry...

More Stories By Peter Silva

Peter Silva covers security for F5’s Technical Marketing Team. After working in Professional Theatre for 10 years, Peter decided to change careers. Starting out with a small VAR selling Netopia routers and the Instant Internet box, he soon became one of the first six Internet Specialists for AT&T managing customers on the original ATT WorldNet network.

Now having his Telco background he moved to Verio to focus on access, IP security along with web hosting. After losing a deal to Exodus Communications (now Savvis) for technical reasons, the customer still wanted Peter as their local SE contact so Exodus made him an offer he couldn’t refuse. As only the third person hired in the Midwest, he helped Exodus grow from an executive suite to two enormous datacenters in the Chicago land area working with such customers as Ticketmaster, Rolling Stone, uBid, Orbitz, Best Buy and others.

Bringing the slightly theatrical and fairly technical together, he covers training, writing, speaking, along with overall product evangelism for F5’s security line. He's also produced over 200 F5 videos and recorded over 50 audio whitepapers. Prior to joining F5, he was the Business Development Manager with Pacific Wireless Communications. He’s also been in such plays as The Glass Menagerie, All’s Well That Ends Well, Cinderella and others. He earned his B.S. from Marquette University, and is a certified instructor in the Wisconsin System of Vocational, Technical & Adult Education.