I’m still digesting the Verizon 2014 Data Breach Investigations Report (DBIR), which was just released last night, but a couple of things have jumped out at me already after a quick read. First, looking at the graph below on the left, it seems that servers are more popular than ever as attack targets. This is interesting, particularly when compared to the decline in User Device breaches.
Are we getting better at securing BYOD, or have attackers just realized there is more of what they are after on a server? I would guess “density of lucrative assets per device” factors into this trend. Regardless of the driver, I think this is a good reminder to focus on the assets that could most harm your business and make sure they are secure.
Know what you have, know how it’s vulnerable, configure it securely, and continuously monitor it to ensure it isn’t compromised and remains secure.
On the right, we see the trends in the methods through which breaches are discovered. A few things stand out on this data set:
- Law Enforcement continues to get better at discovering breaches – that is good to see. I still think law enforcement has a PR problem, though – I was talking with a news reporter last week who was asking me why law enforcement isn’t doing anything about catching the criminals. I wish I’d had this graph with me then, so I could show him that law enforcement is actually leading the charge in detecting these breaches, at least as far as the ones that are included in the DBIR. [Note: Yes, I realize, there could be some bias in the sample, as many of these incidents came from law enforcement agencies… but this data is from cases worked by those agencies, regardless of how the initial discovery occurred.]
- Third-party discovery (with or without Law Enforcement) continues to rise. That means most organizations find out they’ve been breached only after being notified by someone outside their organization. Part of this may be a side effect of all of the free credit monitoring accounts people have been given as a result of past breaches. What do you think?
- Internal discovery of breaches is flat-lining, which tells me that the traditional efforts to catch our own breaches are still not working. That is a complex problem, but one we need to figure out how to solve on a broad scale. The bad guys will continue to win if we can’t improve the state of the art in incident detection within the enterprise, and a silver-bullet appliance is not enough – this is about composite capabilities made up of technology, human skills, process, and different thought models than we’ve been using.
Stay tuned for more observations as I am able to digest more of this report. Would love to hear your thoughts, as well…