Data breaches are becoming more complex
and are no longer confined to just the IT department, but are now affecting
every department within an organization. Each breach leaves a lingering, if not
lasting imprint on an enterprise, finds the 2017 Data Breach Digest.
As we found in the Verizon 2016 Data
Breach Investigations Report (DBIR), the human element is again front and
center this year. Humans continue to play a significant role in data breaches
and cybersecurity incidents, fulfilling the roles of threat actors, targeted
victims and incident response stakeholders.
Now in its second edition, Verizon’s Data
Breach Digest details 16 common breach scenarios, inviting the reader to take a
behind-the-scenes look at cyber investigations that tell the stories behind the
company’s annual Data Breach Investigations Report (DBIR). The cases are each told
from the perspective of the various stakeholders involved, such as corporate
communications, legal counsel, or the human resources professional.
“Data breaches are growing in complexity
and sophistication,” said Bryan Sartin, executive director, the RISK Team,
Verizon Enterprise Solutions. “In working with victim organizations, we find
that breaches touch every part of an organization up to and including its board
of directors. Companies need to be prepared to handle data breaches before they
actually happen in order to recover as quickly as possible. Otherwise, breaches
can lead to enterprise-wide damage that can have devastating and long-lasting
consequences such as a loss of customer confidence or a drop in stock price.”
“The Data Breach Digest is designed to help
businesses and government organizations understand how to identify signs of a data
breach, important sources of evidence and ways to quickly investigate, contain
and recover from a breach,” added Sartin.
2017 Data Breach Digest scenarios based on type, industry, incident pattern and stakeholder involvement
The report once again confirms that
there is a finite set of scenarios that occur with data breaches but many
permutations occur within each, leading to an expansive range of damage that
can be observed in the aftermath of a data breach. Breaches in the Digest are
defined by type of breach, industry, one of nine DBIR incident patterns, and by
stakeholder involvement.
This year’s 16 data breach scenarios are
also classified according to their prevalence and lethality in the field. Ten of
the cases represent more than 60 percent of the 1,400 cases investigated by Verizon’s
Research, Investigations, Solutions and Knowledge (RISK) Team over the past
three years, while the other six are less common but considered lethal or
highly damaging to an organization.
Each scenario includes a
detailed analysis of how the attack occurred, the level of sophistication, the threat
actors involved, the tactics and techniques used, and recommended countermeasures. Content
is derived from the RISK Team caseload and categorized according to the standardized
VERIS (Vocabulary for Event Recording and Incident Sharing) Framework used to
compile the DBIR.
The report groups the 16
scenarios into four different types of breaches and gives each a personality,
including these select examples:
- The human element
  o Partner misuse – The Indignant Mole
  o Disgruntled employee – The Absolute Zero
- Conduit devices
  o Mobile assault – The Secret Squirrel
  o IoT calamity – The Panda Monium
- Configuration exploitation
  o Cloud storming – The Acumulus Datum
  o DDoS attack – The 12000 Monkeyz
- Malicious software
  o Crypto Malware – The Fetid Cheez
  o Unknown unknowns – The Polar Vortex
This year’s report points to five actions
an organization should take in the aftermath of a breach:
· Preserve evidence; consider consequences of every action taken
· Be flexible; adapt to evolving situations
· Establish consistent methods for communication
· Know your limitations; collaborate with other key stakeholders
· Document actions and findings; be prepared to explain them.
Verizon’s Data Breach Digest series
To preserve anonymity, Verizon has modified/excluded
certain details of each real-world situation including changing names,
geographic locations, quantity of records stolen and monetary loss details. Everything
else has been imported straight from Verizon’s case files.
The Verizon RISK Team performs cyber investigations for
hundreds of commercial enterprises and government agencies across the globe. In
2016, the RISK team investigated more than 500 cybersecurity incidents in more
than 40 countries. In 2008, the results
of this team’s field investigations were the genesis of the first Data Breach
Investigations Report, an annual publication that dissects real-world data
breaches with the goal of enlightening the public about the nature of threat
actors behind the attacks, the methods they use, including the data they seek
and the victims they target.
To access the full digest, visit: http://verizonenterprise.com/databreachdigest