Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Verizon 2015 Data Breach Investigations Report

“Verizon’s “2015 Data Breach Investigations Report,” released today, reveals that cyberattacks are becoming increasingly sophisticated, but that many criminals still rely on decades-old techniques such as phishing and hacking. According to this year’s report, the bulk of the cyberattacks (70 percent) use a combination of these techniques and involve a secondary victim, adding complexity to a breach. Another troubling area singled out in this year’s report is that many existing vulnerabilities remain open, primarily because security patches that have long been available were never implemented. In fact, many of the vulnerabilities are traced to 2007 — a gap of almost eight years. As in prior reports, this year’s findings again pointed out what Verizon researchers call the “detection deficit” — the time that elapses between a breach occurring until it’s discovered. Sadly, in 60 percent of breaches, attackers are able to compromise an organization within minutes. Yet the report points out that many cyberattacks could be prevented through a more vigilant approach to cybersecurity. “We continue to see sizable gaps in how organizations defend themselves,” said Mike Denning, vice president of global security for Verizon Enterprise Solutions. “While there is no guarantee against being breached, organizations can greatly manage their risk by becoming more vigilant in covering their bases. This continues to be a main theme, based on more than 10 years of data from our ‘Data Breach Investigations Report’ series.” This year’s comprehensive report offers an in-depth look at the cybersecurity landscape, including a first-time overview of mobile security, Internet of Things technologies and the financial impact of a breach. The report indicates that, in general, mobile threats are overblown. In addition, the overall number of exploited security vulnerabilities across all mobile platforms is negligible. While machine-to-machine security breaches were not covered in the 2014 report, the 2015 report examines incidents in which connected devices are used as an entry point to compromise other systems. The report also examines the co-opting of IoT devices into botnets — a network of private computers infected with malicious software and controlled without the owners’ knowledge — for denial-of-service attacks. This data reaffirms the need for organizations to make security a high priority when rolling out next-generation intelligent devices.”

Sorry, comments are closed for this post.