Most data breaches leverage weak, default or stolen passwords: Report

Cyber attackers are well-funded, cunning, ruthless and otherwise mean people. But they get a helping hand from their victims, according to the Verizon 2016 Data Breach Investigations Report.

Released this week, the report found after examining 64,199 incidents and 2,260 breaches in 82 countries — including Canada — that 63 per cent of confirmed data breaches involved leveraging weak, default or stolen passwords. And despite awareness training, a lot of employees still can’t recognize phishing messages.

As usual the breezily-written report provides sobering reading for CISOs, who should pass it on to their teams. Highlights include:

–We’re still suckers: Almost a third (30 per cent) of phishing messages were opened—up from 23 per cent in 2014. And 12 per cent of targets went on to open the malicious attachment or click the link—about the same as 2014 (11 per cent). Of 636,000 targeted phishing emails examined, only 3 per cent of the potential victims notified management of a possible problem.

–It would be a mistake to think the biggest risk you face is from new-to-the-world vulnerabilities. Most attacks exploit known vulnerabilities—where a patch has often been available for months, if not years;

–Don’t obsess over the risk of insiders: The overwhelming number of breaches – upwards of 80 per cent – still are made by external actors;

–Attackers are getting even quicker at compromising their victims (think of how fast a phishing exploit works);

–For all the money CISOs spend on defence, the odds are law enforcement and/or a third party will alert you to a breach, not all the dashboards you have running.

The overwhelming number of breaches and incidents are covered by the same nine patterns seen in the past few years, says the report. The biggest are:

–Miscellaneous errors (17.7 per cent), including a shortage of server capacity that lets non-malicious Web traffic spikes crash applications, and sending sensitive information to the wrong person.

REMEDIES: Keep a record of common errors to increase security awareness training and measure the effectiveness of your controls; Consider using data loss prevention (DLP) software; Make sure your assets are wiped of sensitive data before they’re sold;

–Insider and privilege misuse (16.3 per cent), mainly by insiders. Contrary to what some people think, it’s rarely system admins or developers with elevated privileges that fall victim. End-users account for a third of insider misuse.

REMEDIES: Limit access to sensitive data to those who really need it — and track that access by monitoring user behaviour. Also, track USB usage.

–Physical theft and loss (15.1 per cent), including laptops, USB and other drives, printed documents.

REMEDIES: Encrypt data, train your staff in security awareness and reduce the amount of paper with data classification and printing rules.

–Denial of service (15 per cent). In addition to stopping the organization, DDoS attacks can mask other attacks. (See Web app attacks, below)

REMEDIES: Segregate key servers, choose providers that can protect their service and yours, and, if you have one, test your anti-DDoS service.

–Crimeware (12.4 per cent). Covers the use of malware that doesn’t fit a more specific pattern. Includes ransomware.

REMEDIES: Patch promptly and initiate configuration change monitoring. Examine the different types of malware you’ve fallen foul of—and, if possible, the entry point. This gives intelligence on where to prioritize your efforts. And back up systems regularly.

–Web app attacks (8.3 per cent). Many web app attacks are indiscriminate—the attackers found a weak target with a vulnerability they could compromise, or got a foothold through a phishing campaign. Verizon found almost 20,000 incidents where compromised websites were used in distributed denial of service (DDoS) attacks or repurposed as phishing sites.

REMEDIES: Use two-factor authentication. Lock out accounts after repeated failed attempts. Consider using biometrics for authentication. Patch promptly.

This is just a small part of the 80-page report. It’s full of nuggets.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
