Data Breach Digest Available
Verizon has just released its 2017 Data Breach Digest, which shows that the human element in data breach scenarios is still a significant area of concern. People play a key role in data breaches and cyber security incidents, where they fulfil the roles of threat actors, targeted victims and incident response stakeholders.
Data breaches are more complex and are not confined to the IT department; they now affect every department within an organization. Each breach leaves a lingering, if not lasting, imprint on the enterprise.
A behind-the-scenes look at cyber investigations
Now in its second edition, Verizon’s Data Breach Digest details 16 common breach scenarios and invites the reader to take a behind-the-scenes look at cyber investigations.
The cases that are examined are told from the perspective of the stakeholders who were involved, such as corporate communications, legal counsel, or the human resources professional.
“Data breaches are growing in complexity and sophistication,” said Bryan Sartin, executive director, the RISK Team, Verizon Enterprise Solutions. “In working with victim organizations, we find that breaches touch every part of an organization up to and including its board of directors. Companies need to be prepared to handle data breaches before they actually happen in order to recover as quickly as possible. Otherwise, breaches can lead to enterprise-wide damage that can have devastating and long-lasting consequences such as a loss of customer confidence or a drop in stock price.”
Identify signs of data breaches
“The Data Breach Digest is designed to help businesses and government organizations understand how to identify signs of a data breach, important sources of evidence and ways to quickly investigate, contain and recover from a breach,” added Sartin.
The report once again confirms that there is a finite set of scenarios that occur with data breaches. However, a number of permutations occur within each scenario, which leads to an expansive range of damage that can be observed in the aftermath of a data breach. Breaches in the Digest are defined by type of breach, industry, one of nine DBIR incident patterns, and by stakeholder involvement.
This year’s 16 data breach scenarios are classified according to their prevalence and how lethal they were. Ten of the cases represent more than 60 percent of the 1,400 cases investigated by Verizon’s Research, Investigations, Solutions and Knowledge (RISK) Team over the past three years. The remaining six are less common but considered lethal or highly damaging to an organization.
Each scenario gives a detailed analysis of how the attack occurred, the level of sophistication, the threat actors that were involved, the tactics and techniques that were used, and the recommended countermeasures.
Sixteen scenarios examined
The report groups the 16 scenarios into four different types of breaches and gives each a personality, including these examples:
- The human element
  - Partner misuse – The Indignant Mole
  - Disgruntled employee – The Absolute Zero
- Conduit devices
  - Mobile assault – The Secret Squirrel
  - IoT calamity – The Panda Monium
- Configuration exploitation
  - Cloud storming – The Acumulus Datum
  - DDoS attack – The 12000 Monkeyz
- Malicious software
  - Crypto Malware – The Fetid Cheez
  - Unknown unknowns – The Polar Vortex
This year’s report points to five actions an organization can take in the aftermath of a breach:
- Preserve all evidence; consider the consequences of every action taken
- Be flexible; learn to adapt to evolving situations
- Establish consistent communication methods
- Understand your limitations; collaborate with other key stakeholders
- Document your actions and findings; be prepared to explain them
Verizon’s Data Breach Digest series
To preserve anonymity, Verizon has modified/excluded certain details of each real-world situation. This includes changing names, geographic locations, quantity of records stolen and monetary loss details. Everything else you will read has been imported directly from Verizon’s case files.
The Verizon RISK Team performs cyber investigations for hundreds of commercial enterprises and government agencies across the globe. In 2016, the RISK Team investigated over 500 cybersecurity incidents in more than 40 countries.