Every year, Verizon partners with companies to provide and publish security information to the public. This Security Breach Report includes the number of security breaches, the types of attacks, and the number of successful attacks. This information may not be 100% accurate, because some industries are not obligated to report their internal information or do not record it, but the trend is extremely interesting.
I would like to outline a few things. Number one, the largest targets for these attacks are financial institutions and the government, with the finance industry the most attacked. Second to these industries are social media, the entertainment industry, and retail stores.
The three biggest factors are hacking, malware sent to infect computers, and social. Compared to these three, everything else is relatively small. Another point of interest is that the number of attacks on physical servers and infrastructure is going down, which essentially means that IT groups are making great efforts to defend against frontal attacks. What is on the rise is attacks on personal devices. The idea is that “I want to attack your droid or your iPhone or your iPad and then when you take this iPad to your office and connect to the office, this iPad will affect systems from within then spread and steal data”.
Another item that we want to highlight is that the infiltration or breach of these local systems happened in hours or even minutes, but identifying and remediating the problem can take days. So although it might be hard for hackers to get in, once they are there they can get their work done very quickly. While we as IT groups protect very well, as soon as we miss something, it takes a very long time to identify, heal, and recover from the bullet that just got through our armor. I believe that over the next few years this will be a very hot subject, which will help focus effort on identifying whether something got through and, hopefully, make the remediation process much faster.
In addition, this report shows that some old vulnerabilities are still exploitable. Vulnerabilities from 2005 are still exploitable and still exist on the internet. So what hackers are doing is arming and preparing ammo for those vulnerabilities, just “preying” through the internet looking for a fish. When IT departments implement strong patching policies, they can prevent these security breaches.
We also took two pieces of data that the report compiled and produced our own analysis of the number of attacks reported by each industry and the number of reported successful attacks. The resulting percentage shows how each type of industry fared when attacked. It is not an accurate number because the samples are very different (for example, financial companies are attacked much more often than, say, construction or agriculture), but it still gives us a way to assess how well industries are protected. We were very surprised that more than 50% of attacks on the financial industry were successful. This is more or less a concrete number, because financial industries are mandated to report security attacks and especially successful security breaches. So that is still very high. The lowest level of readiness is shown by the retail industry, where 86% of attacks are successful, perhaps because not all attacks are reported. For example, the retail industry is not obligated to report all attacks. Still, the numbers are very high, which is probably due to the small size of the companies: these small shops can just throw together a small website using any small local vendor or go on Amazon, where attacks through them are much easier because these small retailers don't have the same amount of protection that a big financial institution would deploy.
Below is a chart compiling the analysis of reported attacks and successful attacks by industry, as previously referenced.
| Industry | Number of Attempted Attacks | Number of Successful Attacks | Percentage of Successful Attacks |
|---|---|---|---|
| Accommodation | 362 | 282 | 77.9% |
| Administrative | 44 | 18 | 40.91% |
| Agriculture | 4 | 1 | 25% |
| Construction | 9 | 4 | 44.44% |
| Educational | 254 | 29 | 11.41% |
| Entertainment | 2,707 | 38 | 1.40% |
| Finance | 1,368 | 795 | 58.11% |
| Healthcare | 166 | 115 | 69.28% |
| Information | 1,028 | 194 | 18.87% |
| Management | 1 | 0 | 0% |
| Manufacturing | 171 | 37 | 21.64% |
| Mining | 11 | 7 | 63.64% |
| Other Services | 17 | 11 | 64.71% |
| Professional | 916 | 53 | 5.79% |
| Public | 47,237 | 193 | 0.41% |
| Real Estate | 11 | 5 | 45.45% |
| Retail | 159 | 137 | 86.16% |
| Trade | 15 | 4 | 26.67% |
| Transportation | 31 | 15 | 48.39% |
| Utilities | 24 | 7 | 29.17% |
| Unknown | 9,453 | 270 | 2.82% |
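Because the sample sizes in the table differ so much, the raw percentages are not equally trustworthy. The following added example (not part of the original analysis or the Verizon report) puts a 95% Wilson score interval around a subset of the table's rows and ranks only those whose interval is narrow enough to compare; the 0.25 width cut-off and the function names are assumptions made for illustration.

```python
import math

# Subset of rows copied from the table above: industry -> (attempted, successful).
TABLE = {
    "Accommodation": (362, 282),
    "Agriculture": (4, 1),
    "Finance": (1368, 795),
    "Management": (1, 0),
    "Mining": (11, 7),
    "Public": (47237, 193),
    "Retail": (159, 137),
}

def wilson_interval(successes, attempts, z=1.96):
    """95% Wilson score interval for a proportion; well behaved for tiny samples."""
    if attempts == 0:
        return (0.0, 1.0)
    p = successes / attempts
    denom = 1 + z * z / attempts
    centre = (p + z * z / (2 * attempts)) / denom
    half = z * math.sqrt(p * (1 - p) / attempts + z * z / (4 * attempts ** 2)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))

def comparable_rows(table, max_width=0.25):
    """Rows whose interval is narrow enough to compare, worst lower bound first."""
    rows = []
    for name, (attempts, successes) in table.items():
        low, high = wilson_interval(successes, attempts)
        if high - low <= max_width:
            rows.append((name, successes / attempts, low, high))
    return sorted(rows, key=lambda r: r[2], reverse=True)

def unreliable_rows(table, max_width=0.25):
    """Industries with too few reported attacks for the percentage to mean much."""
    wide = []
    for name, (attempts, successes) in table.items():
        low, high = wilson_interval(successes, attempts)
        if high - low > max_width:
            wide.append(name)
    return sorted(wide)

if __name__ == "__main__":
    for name, rate, low, high in comparable_rows(TABLE):
        print(f"{name:14s} {rate:6.1%}  95% CI [{low:.1%}, {high:.1%}]")
    print("Too few samples to compare:", ", ".join(unreliable_rows(TABLE)))
```

On these counts Retail's interval lies entirely above Finance's, so that gap is real, while Retail and Accommodation overlap and cannot be separated on this data.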
Conclusion
We feel that IT departments should focus on hardening the mechanisms of protection from intruders, but they should also be collecting data to speed up the identification of a breach and its remediation. In this area, many industries have a long way to go before they can defend themselves. An industry would be okay if only 10% or 20% of attacks got through, but not 80% of the attacks.
So what is the key to defending ourselves from the hackers? There are 3 factors that IT professionals should be concentrating on at this time:
- Visibility. With tools such as Big Data, more information can be collected and made available for alerting, in addition to analysis.
- Security Intelligence. The security information collected with big data tools should be aggregated and enriched with Structured Threat Information through STIX/TAXII mechanisms for alerting, automatic decision making, and future analysis.
- Analysis. Security Event and Incident Management Systems should allow CIRT (computer incident report team) to analyze incidents quickly.
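The enrichment step described under Security Intelligence, as an added example that is not from the original post: collected events are matched against STIX 2.1 indicators, and revoked or expired indicators are ignored so they cannot raise alerts. The indicators, events, event field names and the `FIELD_FOR` mapping are constructed assumptions, and only single-comparison patterns are handled; a production pipeline would pull the indicators from a TAXII collection and use a full STIX pattern matcher.

```python
import re
from datetime import datetime, timezone
# Constructed STIX 2.1 indicators (documentation-range values only).
INDICATORS = [
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000001",
     "name": "Constructed C2 address", "pattern_type": "stix",
     "pattern": "[ipv4-addr:value = '198.51.100.7']",
     "valid_from": "2024-01-01T00:00:00Z"},
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
     "name": "Constructed expired domain", "pattern_type": "stix",
     "pattern": "[domain-name:value = 'old.example.net']",
     "valid_from": "2023-01-01T00:00:00Z", "valid_until": "2023-06-01T00:00:00Z"},
]
# Constructed, already-normalised events; the field names are an assumed schema.
EVENTS = [
    {"ts": "2024-03-02T10:15:00Z", "host": "ws-17", "dst_ip": "198.51.100.7"},
    {"ts": "2024-03-02T10:16:00Z", "host": "ws-17", "domain": "old.example.net"},
    {"ts": "2024-03-02T10:17:00Z", "host": "ws-22", "dst_ip": "203.0.113.9"},
]
FIELD_FOR = {"ipv4-addr:value": "dst_ip", "domain-name:value": "domain"}
SIMPLE = re.compile(r"^\[([a-z0-9-]+:[a-z_]+)\s*=\s*'([^']*)'\]$")

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def build_index(indicators):
    """Map (event_field, value) -> indicator for single-comparison patterns."""
    index = {}
    for ind in indicators:
        m = SIMPLE.match(ind.get("pattern", ""))
        field = FIELD_FOR.get(m.group(1)) if m else None
        # Skip revoked objects and composite patterns (those need a full matcher).
        if field and ind.get("pattern_type") == "stix" and not ind.get("revoked"):
            index[(field, m.group(2))] = ind
    return index

def enrich(events, indicators):
    """Copy each event, adding the indicators that were valid at event time."""
    index, out = build_index(indicators), []
    for ev in events:
        when, hits = parse_ts(ev["ts"]), []
        for field, value in ev.items():
            ind = index.get((field, value))
            if ind is None or when < parse_ts(ind["valid_from"]):
                continue
            if "valid_until" in ind and when >= parse_ts(ind["valid_until"]):
                continue  # expired intelligence must not raise an alert
            hits.append({"id": ind["id"], "name": ind["name"]})
        out.append({**ev, "threat_intel": hits})
    return out
```

Events that come back with a non-empty `threat_intel` list are the ones to route to alerting; the rest stay available for later analysis.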
We suggest that everyone read the full report. The link can be found through Digital Edge’s website.
Verizon is doing an excellent job collecting these statistics and compiling the data to help keep all of us informed.
Please stay safe everyone!