May 14, 2014

Key Takeaways from the Verizon Data Breach Report (DBIR)

In today’s Whiteboard Wednesday, Jay Roxe, Senior Director of Product Marketing, will talk about some of the key takeaways from the 2014 Verizon Data Breach Investigations Report. He will reflect on some of the bigger trends that we should be thinking about today as well as in the future, and highlight the biggest risk to your organization: your users. Watch this week’s video to learn more.

Download a copy of the Verizon Data Breach Investigation Report.

Read Video Transcript

The Verizon Data Breach Report every year is a tour of some of the most significant breaches of the past year and some great "Princess Bride" references. So, welcome to "Whiteboard Wednesday" and your tour of the fire swamp.

My name is Jay Roxe. I'm the Director of Product Marketing here at Rapid7, and I want to talk a little bit about the 2014 Verizon Data Breach Report. This is a collection done by Verizon of their research on some of the most significant breaches in the industry and sources information from a number of investigative and government sources.

There are a couple of key things to know about this report before you get asked by your boss, because this is one of the most widely read reports of the industry. While it's always been an interesting analytical report, they took a new tack this year and divided it up into nine categories of breaches that represent about 93% of the things that we saw. It's point-of-sale intrusions, web app attacks, insider and privilege misuse, physical theft and loss, crimeware, payment card skimmers, denial of service, cyber-espionage and the ever-important miscellaneous.

But, there's a couple of things that get called out that kind of go across these categories. The first is "Change your mindset." If you haven't accepted the fact that you're going to get breached, now would be a good time to make that shift. The report calls out such startling statistics as for a point of sale device, 88% of the time, the intruders got in within minutes or seconds. Yet, it would take the responding team weeks or months to figure out that somebody had been there. This is not a good trend. As the report says, it takes us a month of Sundays to figure out that somebody’s been in. And, these breaches are getting more expensive.

Not coming out of the Verizon Breach Report, but coming out of some research that was done by the government in the UK, we find that the average cost of breach for a significantly sized company, is £600,000 to £1.15 million. For those of us watching in the United States, we can approximate that to $1 million to $2 million. This should be enough to wake people up and make sure that they're interested in detecting when the breach is occurring.

But, it also calls out a number of things that we can do that are simple best practices. Let's at least make it harder for people once they're in. Get your network segmentation right. Make sure that if somebody gets in to one part of your network, they're not getting all of the information. And, as the report capitalizes, patch all the things. Let's make sure that we're making it harder for people to break in, extract data.

But, another trend -- and this impacts everybody that uses your network -- is that stolen credentials have become the most common way of getting into the network. This is a real shift from 2009 when they were up from where they were in the middle of the pack; they're now the most common way of getting into the network. And, the closely-related topic of phishing is number three.

When you start looking at how easy it is to compromise somebody’s credentials, the only thing you'll think is "inconceivable." However, the bad guys have clearly spotted this as well because there is now a market for these credentials where they can be repackaged, sold. So, even if you're not going to break into the network yourself, you can get access to them.

In fact, it's now so common to re-market credentials that they're number three behind payment bank card information in terms of the things that people are going to take when they break into your network. This makes it really easy to move laterally within the network. Once somebody is in, if they have credentials, they can pivot, they can find other credentials. They can escalate their privileges, elevate their privileges and really have the ability to capture a lot of information.

There's a lot of different ways that you should think about securing the information in your network and protecting your users. But, one of the top ones, as you chop down your fire swamp, is to make sure that you're keeping good logs in terms of what's happened on your network, so that you can spot either at the time or forensically, what may have happened and eliminate the sources of the breach.

Thank you for attending this "Whiteboard Wednesday." I hope you've enjoyed this review of the 2014 Verizon Data Breach Investigations Report. And it's given you something to chew on as you think about your security program. Associated with this recording, you'll find the link that will take you not only to the actual report, but also to a more in-depth webinar that we're doing at Rapid7 that highlights some more of the things coming out of the report, and some of the actions you may want to take to help secure your environment.

Live Webcast

Top Takeaways from the 2014 Verizon DBIR