Industry reactions to the Verizon 2017 Data Breach Investigations Report

Nearly 2,000 breaches were analyzed in this year’s Verizon 2017 Data Breach Investigations Report and more than 300 were espionage-related. Here are some of the comments Help Net Security received on the report.

John Madelin, CEO at Reliance acsn

Today’s report highlights that businesses must rethink their protection strategies to guard against cyber attacks. The fact that 88% of breaches identified in the report fall into patterns first identified in 2014 is an illustration of the need for businesses to identify and properly secure their critical data and assets against attack. The continued success of tried and tested methods deployed by hackers is indicative of senior leaders lacking the knowledge to approach the issue, and instead relying on quick fixes. The truth is, the patchwork of security solutions that are deployed in many organisations are too often ineffective in securing the data at the heart of business today.

This also reflects on the security industry more broadly. Client organisations should be educated on the structure of their data assets, and how to manage their security holistically. The correct technology and process, coupled with effective alerting, alarming and active hunting for threats will set organisations on the right path to avoiding disasters.

It’s high time a structured approach to cybersecurity is deployed across the industry to reduce the damage caused by hackers. Most importantly for business leaders, as well as promising better protection, this more focused and integrated approach always results in better economics overall.

Pete Banham, Cyber Resilience Expert at Mimecast

Impersonation fraud and ransomware attacks via email are now the easiest ways for criminals to steal money and valuable data.

Impersonation attacks rarely include a malicious link or attachment, bypassing many traditional security detections. Ransomware is a well-organised threat, with many organisations choosing to pay off hackers quietly to make the threat go away instead of combatting the problem.

The best defence against these types of attack is a layered approach to security, including sandboxing of email attachments, stamping of external email with warnings and on-going employee awareness campaigns.

Fraser Kyne, EMEA CTO at Bromium

What most interested me in this year’s DBIR was that phishing attacks are actually becoming even more prevalent. One in 14 users are being duped into clicking on a bad link or attachment; but even worse, a quarter of those people go on to do it again! There is a phrase that I think is very apt here – “You can’t patch stupidity”.

Essentially, what the DBIR shows us is that you can have the best education, the best processes and the most on-point detection capabilities available, but you will still take a hit. People within the organisation will always find a way around security to get their job done, and clever hackers will always trick end-users into doing something stupid. That’s probably also why we saw such a drastic spike in ransomware in this year’s DBIR; phishing is a great vehicle for hackers to deliver their payload and get ransomware running on a user’s machine. The fact is that however cyber-savvy they are, end-users will always be the weakest link in security.

Organisations therefore need to shift the onus away from controlling user behaviour if they are to get a handle on the situation. The best way of mitigating phishing attacks is to have a safety net in place, allowing end-users to click with freedom, without having to worry too much about stumbling upon a bad link or malicious attachment. Micro-virtualisation is key to this, ensuring that each user task is contained within its own fully isolated and unique virtual environment. As a result, any malicious files are trapped within that virtual machine, posing no risk to the rest of the system. If a user finds themselves opening a malicious email or document, they can simply close down that window, and the threat disappears.

Ilia Kolochenko, CEO at High-Tech Bridge

As in the previous report from 2016, insecure web applications dominate the top attack vectors in almost all the industries. Cybercrime is a [criminal] business, and thus follows the basic rules of business: spend less, get more. Attackers are always looking for the weakest link in your IT infrastructure, before leveraging expensive 0days and complicated APT attacks.

Today, the majority of large organizations and governments can be easily breached via their web and mobile (backend) applications. Emerging risk comes from third-party applications, which are exploited by hackers to compromise your trusted third-party and get access to your data afterwards – cloudization, outsourcing and IT externalization aggravate this complicated challenge.

The report confirms Google’s research, which found a 32% increase in website hacking in 2016. Application security becomes a major problem for organizations and should be addressed as a high priority.

Darren Anstee, CTO at Arbor Networks

Verizon’s Data Breach Investigations Report is an industry gold standard for examining the threat landscape. The fact that it reveals the risk of DDoS attacks has never been higher for industries such as finance, retail and others who are reliant on Internet services and manage large quantities of high value data really emphasises the serious situation facing businesses today.

Organisations in these sectors must invest appropriately to protect themselves and their customers. They can do this by taking the fight to cyber-criminals with improved intelligence sharing and better co-operation with law enforcement. Businesses should also implement layered security, using on-premise solutions to deal with targeted attacks and then the cloud to deal with large volumetric attacks. Organisations need to also strengthen their visibility and threat detection capabilities across internal networks so that they have broad and deep visibility of network traffic, threats and user behaviour.