Assume you’ve been breached. That’s the takeaway from Verizon Enterprise Solutions’ new 2014 Data Breach Investigations Report, which compiles 10 years of data on over 63,000 security incidents.
What does that mean for mid-market companies? First, the bad news: cyber criminals are innovating faster than organizations’ abilities to detect breaches, says Bryan Sartin, Director of Investigative Response for Verizon. That means every company has to assume it’s vulnerable to an attack.
What’s more, cybercriminals are now operating in groups, and getting better at pooling their resources for attacks. “This is light years of difference from the model of the 17-year-old hacker in his mom’s basement,” Sartin says.
While cyber-attacks on retailers attract a lot of buzz — such as the recent security breach at Michaels Stores that impacted about 3 million customers over eight months — retail point-of-sale attacks are actually decreasing over time, says Sartin.
Meanwhile, cyber-espionage has quadrupled since 2013, in part because of a higher number of reported incidents. Cyber-espionage attacks, which include unauthorized system access by state-affiliated actors, most often impact the professional services, transportation, manufacturing, and mining industries, the report states.
But here’s the good news for mid-size companies: Over 90 percent of all security incidents that occurred over the last decade can be traced to nine basic types of attacks, making it easier for organizations to assess security threats accurately and proactively defend themselves against breaches, says Sartin.
In addition to cyber espionage, these are the most common patterns of attack:
- Miscellaneous errors, or incidents where unintentional actions directly compromise an organization’s security.
- Crimeware, or malware that can gain control of an organization’s systems.
- Insider attacks — any unapproved or malicious use of an organization’s resources.
- Physical theft, or incidents where an asset is lost or stolen.
- Web app attacks, which refer to any incident where Web applications are used as the means of attack.
- Point-of-sale intrusions, or remote attacks involving retail transactions.
- Denial of service attacks that make networks and systems, including websites, unavailable to users.
- Payment card skimmer attacks, in which physically implanted skimming devices read magnetic stripe data from payment cards.
The other good news for mid-market companies is that it’s possible to narrow down potential threats even further by industries: 72 percent of the security incidents that occur in any given industry can be attributed to just two or three of these attack patterns, Sartin says.
Financial organizations, for example, are most prone to Web application attacks, denial of service attacks, and payment card skimming. In the manufacturing industry, however, the majority of cyber-attacks come from cyber espionage and denial of service. And according to the report, which contains specific threat information for every industry, retailers are most likely to be hit by denial of service attacks and point-of-sale intrusions.
Cyber-attacks on larger companies often involve an insider breach because these companies are harder to break into from the outside, says Sartin. Cyber-attacks on small and medium-sized businesses typically involve Web-based attacks.
“The best offense is a good defense,” he says.
The best way for mid-market companies to build a good security defense in 2014 is to understand the areas in which their organizations and industries are most at risk – and to plan accordingly.
Lisa Wirthman writes about business, women, & social good. She contributes to Slate, Forbes, and other publications and writes a column for the Denver Post. Follow her on Twitter @lisawirthman.