Expert Comments on Verizon’s 2016 Data Breach Investigations Report

Ed Rowley, engineer, Proofpoint:

“The Verizon report echoes similar findings to those just released in Proofpoint’s Human Factor report – everybody clicks, and attackers know this. This is one of the reasons why phishing is so successful and why in 2015 attackers overwhelmingly infected computers by tricking people into doing it themselves instead of using automated exploits.

Phishing scams have been and remain popular with threat actors because they are scalable and very profitable, delivering profits both directly in the form of bank transfers and indirectly through the sale of user information, credentials, and compromised accounts. In addition, phishing scams are supported by a sophisticated cybercrime infrastructure that can quickly adapt to changing defenses, making it possible to continuously maintain and improve their effectiveness. Phishing scams continue to be successful because they leverage the one part of an organization’s IT infrastructure that cannot be patched: people.

It is clear that the security message is still not being heard by many employees. With 30 percent of Phishing messages being opened and links in more than 1 in 8 of those subsequently being clicked, organisations need to ensure they have effective protection in place to both prevent these messages from getting through and provide visibility into who is clicking. This needs to be backed up with security awareness training for individuals. It doesn’t need to be complex, either. Anybody growing up in the UK in the 1970s and 1980s, will remember to “Think once, think twice, think bike!”. Perhaps it’s time to “Think once, think twice, think Phish!” A simple message that might resonate with many of the happy clickers out there.”

Jody Brazil, chief product strategist, FireMon:

‘The biggest take away I have from the report is that the number one pattern (of the nine listed) is “miscellaneous errors” which is highlighted by unintentional mistakes.  The following quote was interesting:

“But it’s often a simple mistake by one of your employees that triggers an incident.”

‘I drove a school bus in college (don’t laugh!) and I remember in my training the instructor asking the #1 place to not be caught making a driving infraction (speeding, etc).  We threw out some ideas like, in a hospital zone, a construction zone, etc.  The instructor’s comment:”in a school zone.  Our job is to safely transport kids…don’t be an idiot and make a careless driving mistake exactly where kids are likely to be.”

‘To relate this back to the report and “miscellaneous errors”:  Everyone in a company can make a mistake and put the company at security risk, but don’t let your security experts be the ones to make a security mistake.  Not only should they know better, they are in the position to make the most impact…positive or negative.’

Sagie Dulce, ADC team leader, Imperva:

“Ransomware seems to be gaining momentum. This is no longer the sole problem of a student that gets his or her files encrypted. Attackers understand that your data is perhaps most valuable to you – so why bother figuring out who will buy it? When it’s easier selling it back to the original owner.”

Mark James, security specialist at ESET:

Insider Threats:

It comes as no surprise that data breaches are taking this long to get noticed. Malware is designed to be stealthy, if its good at its job it will be just as stealthy on the way out as it was on the way in, and, if successful, it may infect, replicate and distribute any and all the sensitive data it can without anyone being aware of its existence. In some cases it will attempt to completely destroy itself once successful to hide its tracks and avoid any indication it was ever there. If that’s the case then often the only indication is when the data is found distributed in the cloud for all to see and use. Data encryption is not only the key for keeping data safe it’s also very important in ensuring it does not end up in the wrong hands due to sender misuse. With so much of our daily lives being dealt with in some form of electronic format it’s no surprise that 26 percent of those errors is down to sending it to the wrong person, most of the time you will only find out you should not “have” read it is after you have indeed read it.

Attacks / Data Breaches:

Gone are the days that malware is used for notoriety status. Whilst we still see a limited amount of cyber-attacks purely done for exposure, the biggest motivation is undoubtedly financially driven. With so much of our lives available in the cloud and the ability to hack, steal, spread or manipulate data from almost any location in the world as long as you have a computer handy makes it easier than ever to do so. It is still quite worrying that so many breaches could have been stopped by reasonable measures of defence, weak passwords and known exploits are two of the biggest culprits and also some of the easiest to fix. Simple policies and practices can be put in place to ensure these very basic forms of defence are not the reason your company is laid bear for all to pillage.

Phishing / Credentials:

With these techniques being so talked about it in our daily lives it still baffles me why it’s so successful in today’s modern IT world. So many users are falling foul to the almost perfect website offering to protect the very data they are wanting to steal. I think our failing is that we want to trust other people, we still struggle with the concept of deceit or mistrust and treat our computer screens very differently to our front door. If someone rings your doorbell and attempted to do what your typical everyday phishing email tried you would close the door in a matter of seconds, yet they manage to succeed time and time again on our computers.

Ransomware:

Ransomware continues to wreak havoc on our computers, often because of the explicit damage that’s caused by a successful attack. Unlike malware that’s often only a matter of time to resolve or fix, once your encrypted with ransomware it’s pretty much game over, and even more so if you do not backup! But on the same note it’s one of the simplest attack methods to protect against. If you have regular managed backups then ransomware would in most circumstances not be a real problem at all, restoring the data rather than funding criminal activity by paying the ransom must make more sense surely?