Data breaches are becoming more complex and are no longer confined to the IT department: they now affect every department within an organization. Each breach leaves a lingering, if not lasting, imprint on an enterprise, the Verizon 2016 Data Breach Investigations Report (DBIR) shows.
The human element is again front and center this year. Humans continue to play a significant role in data breaches and cybersecurity incidents, fulfilling the roles of threat actors, targeted victims and incident response stakeholders.
Verizon’s Data Breach Digest details 16 common breach scenarios. The cases are each told from the perspective of the various stakeholders involved, such as corporate communications, legal counsel, or the human resources professional.
In 2016, the Verizon RISK Team investigated more than 500 cybersecurity incidents in more than 40 countries. The report once again confirms that data breaches follow a finite set of scenarios, but that many permutations occur within each, producing an expansive range of damage in the aftermath of a breach.
Breaches in the Digest are defined by type of breach, industry, one of nine DBIR incident patterns, and by stakeholder involvement. This year’s 16 data breach scenarios are also classified according to their prevalence and lethality in the field. Ten of the cases represent more than 60 percent of the 1,400 cases investigated by Verizon’s Research, Investigations, Solutions and Knowledge (RISK) Team over the past three years, while the other six are less common but considered lethal or highly damaging to an organization.
For each scenario, the Digest provides a detailed analysis of how the attack occurred, the level of sophistication, the threat actors involved, the tactics and techniques used, and recommended countermeasures.
Amongst the more interesting cases included are:
- IoT breach on a university campus – hackers gained control of every IoT device deployed across a university campus, turning connected streetlights and vending machines into a botnet army and bringing network connectivity for students to a standstill in the process.
- Cloud security failure – the compromise of an ecommerce system, in which hackers planted a bogus form in the checkout page to capture customer card details. During the forensics process, the retailer learned that its web developer had enlisted the services of a low-cost cloud provider in India, which was storing its customer data on servers in Malaysia in breach of data protection requirements.
- Half a million in refunds stolen from a regional water supplier – a malicious third-party insider accessed customer accounts with refunds due and altered their bank details so the payments were redirected to fraudulent accounts in England, stealing £500,000.
- Videogaming DDoS – one of the biggest DDoS attacks launched against a gaming company, timed for the launch week of a new product and preventing access for genuine gamers.
- Smartphone app breach – an opportunistic attack that compromised a travelling CSO’s smartphone by exploiting vulnerabilities in a popular VoIP app that was susceptible to code injection once the user had connected to an insecure free public Wi-Fi hotspot.
This year’s report points to five actions an organization should take in the aftermath of a breach:
- Preserve evidence; consider consequences of every action taken
- Be flexible; adapt to evolving situations
- Establish consistent methods for communication
- Know your limitations; collaborate with other key stakeholders
- Document actions and findings; be prepared to explain them