More on the Verizon data breach report
Apr. 29th, 2011 08:02 pm
There's a new threat called an APT, Advanced Persistent Threat, where basically attackers are taking over a company's entire network rather than just compromising databases looking for credit card records. Remediating such an intrusion is not easy.
The scary thing is that they're saying that a reduction in the number of compromised records does not mean that IT shops are doing a better job of implementing security.
Here are some highlights from the Verizon report:
* The average time from compromise to data breach was minutes to days, not weeks or months (see report Figure 37).
* The average time between compromise and the victim discovering it was weeks to months.
* The average time from discovery to containment was weeks to months as well, including 2 percent that took years to never. I suspect this latter stat is far higher in the real world.
* Eighty-six percent of the time, the breach was discovered and reported to the victim by a third party (see report Figure 39), even though the breach probably could have easily been found by the victim if he or she had deployed normal detection systems. Sixty-nine percent of victims had event log evidence of the compromise (see report Figure 41).
* Only 8 percent of attacks required a high level of complexity (see report Figure 34).
* External agents were responsible for 92 percent of attacks and 99 percent of data breaches (see report Figures 7 and 12).
* Insiders were involved in 16 percent of all cases; the crossover with the 92 percent external agent figure is due to collusion.
* The role makeup among internal attackers was as follows: 85 percent were normal end-users, 22 percent were accounting or financial staff, 11 percent were management, and only 9 percent were IT related. (emphasis mine)
http://www.infoworld.com/print/158988
An insider's view on protecting/removing APTs: http://www.infoworld.com/print/141896
http://it.slashdot.org/story/11/04/26/210221/Fewer-Hacked-Records-Does-Not-Mean-Better-Security