Verizon's annual Data Breach Investigations Report is one of the most anticipated computer security reports of the year. Based on actual data breaches rather than unreliable surveys, the Data Breach Investigations Report paints a realistic picture of the state of cyber crime.
Based on 1,367 data breaches and more than 63,000 security incidents in 95 countries, the 2014 report didn't disappoint. No doubt you'll find your own favorite takeaways, but here are the ones that interest me most.
Corporate espionage is on the rise
While malicious hackers in search of financial gain still make up the vast majority (about 60 percent) of cyber criminals, intellectual property spies account for a growing share of data breaches over time (about 25 percent). Hackers who are in it for fun rather than serious crime, or who are motivated by a particular ideology, were near zero. Some of that decrease must be attributed to the takedown of several of Anonymous' biggest players. Anonymous and its associated hackers are still a very viable threat, but there isn't as much participation since multiple countries' law enforcement agencies made an example of past participants. Not as many people want to jeopardize their day jobs and real lives by banking on the notion that the feds can't get them.
Internal employees, business partners, and collusion threats make up less than 10 percent of overall data thieves
No surprise here, but it's nice to have the data in hand when one of your co-workers erroneously tells you to focus your attention on fighting rogue insiders. My only caveat: Internal employee crime posted a small uptick in 2013, while partner and collusion crime is near zero. The report has good statistics on who is committing insider crime -- cashiers and end-users lead the way. In any case, most real threats are external in nature, and that's where most of your focus should be, unless your experience dictates otherwise.
Hacked stolen creds led the way in root cause
This is no surprise to any network admin. Bad guys gain access to logon credentials and use them to pwn the environment. Data-exporting malware, phishing, RAM scrapers, and backdoor viruses round out the top five threats. "RAM scrapers" refer to attacks against commercial retailers (like Target) and make their second appearance in the top five since 2009. There were RAM scrapers in 2009? I need to re-read the old reports.
Hacks were discovered more often by internal employees than by outsiders
This is a first in DBIR history, and it's a huge development. In past years, your company's pwning would more likely be discovered by outsiders -- feds, another company, vendor, and so on -- than by your own employees, by a large margin. But 2013 is different (aside from POS and Web app attacks) and truly gives us a reason to celebrate. It's one of the few positive data points in this report. This means we are finally starting to look for badness in our event logs and creating actionable alerts. Congratulations, world!