Six Observations on the 2014 Verizon Data Breach Investigations Report – Part 2 of 2

Cyberespionage is here to stay and as a result, organizations need to be prepared. Once you appreciate the prominence of cyberespionage as a crime, recognize what the Three R’s mean to your organization, and know the importance of quickly detecting in-progress attacks, there are three other observations to take away from this year’s Verizon 2014 Data Breach Investigations Report.

The curse of human weaknesses
Even with all the latest headlines, sadly the Verizon report found that phishing remained one of the most popular attack vectors for cyberespionage (67 percent of breaches), and that weak or compromised passwords were involved in the overwhelming majority of attacks. The prominence of spyware keyloggers and password dumpers attests that passwords continue to constitute a critical weak point in any security strategy. User credentials themselves are top targets in breach scenarios across all industries.

Organizations would do well to train users to identify phishing and other schemes, and trade in their passwords for increasingly affordable authentication solutions leveraging biometrics, locational data, social profile identifiers and behavior patterns.

The attribution distraction
With a broader view into the global cyber landscape, Verizon registered less of a concentration of attacks originating in East Asia, and a growing number in Eastern Europe. But the more valuable finding is that one in four attacks could not be attributed or connected to a nation or region at all. Further credit is due for the authors’ warning to “be wary of threat intelligence vendors claiming to be 100 percent sure an attack is X actor group from Y country with Z motives; they are ‘likely’ incorrect.”

Put more simply: Attribution is difficult. It’s heavily reliant on speculation and researcher bias. And if it’s not delivering a solution, it’s simply a distraction. Organizations, industries and policy makers must understand that every moment spent speculating on attribution is a moment lost to the efforts to determine what needs protecting and actually build and run the required defenses.

Information sharing is central to the solution
Perhaps the biggest takeaway from the 2014 Verizon Data Breach Investigation Report is that more information sharing between industry peers allows us to learn more from each other’s experiences fighting cyberattacks. In the same way that increasing the number of Verizon research contributors shed new light on cyberespionage and other attack patterns, technology providers, enterprises, industries and governments can certainly work harder to learn from our collective experiences and more effectively confront cyberespionage attacks.

If cyberespionage is truly the “crime of the century” we have an obligation as a security industry to work together to address it. This includes sharing cyberespionage attack information between industry peers, working with law makers to incentivize such collaboration, and working with global law enforcement bodies to pursue cyber criminals across borders.