NEWPORT, R.I. – As part of the ongoing Rhode Island Corporate Cybersecurity Initiative (RICCI), the Pell Center recently hosted a cybersecurity seminar in collaboration with Verizon focused on major cyber-attack patterns and how to help businesses improve their defenses in combating them.
As identified by Verizon in the 2014 Data Breach Investigations Report (DBIR), today’s cyber attacks happen faster and more frequently than ever. Thousands of breaches are attempted every second, and successful ones take just minutes to move from intrusion to compromise. In this persistent fight against cyber intrusions, cyber intelligence is probably the greatest ally organizations have and an attacker’s worst enemy.
Verizon’ Director of Cyber Security and Public Safety, Mr. Andy Bonillo, shared with the group of senior executives gathered for the seminar an overview of the latest attacks, trends, and patterns from the 2014 DBIR—one of the most anticipated annual computer security reports in the field.
“In order to build the right defenses and effectively protect your business,” Mr. Bonillo explained, “you need to first know more about the threats you face. The Verizon DBIR has, for years, been the best source of insight about the threat landscape. Over 50 global organizations have contributed data and analysis to this year’s report.”
The 2014 DBIR report covered over 63,000 security incidents from 95 countries, including 1,367 confirmed data breaches, and focused on several issues, including cyber espionage, attacks against point-of-sale (POST) systems, denial-of-service, physical theft and loss, insider threats, crimeware, and web application attacks.
“Over the years,” Mr. Bonillo continued, “we realized that we needed to create an open source framework to share publicly available data on cyber threats and use this intelligence-gathering to enable enterprise organizations to more strategically determine their best defense. We also needed to demystify cyber, so no technical intelligence went into building the 2014 DBIR.”
“It’s hard to transfer security into business, so we’re trying to help businesses see how some of their actions can also pose risks and show them how applying big data analytics to security risk management can help in combating cybercrime more effectively and strategically—managing information security risk is now key for every Boardroom.”
“Unfortunately,” Mr. Bonillo noted, “we are losing the innovation battle.” Over the past decade, attackers have cut the time it takes to compromise a system but our detection methods haven’t been able to keep pace. “The cyber innovation gap (time to compromise vs. time to discovery) is increasing and speed of detection still not good enough,” he continued.
Other key findings in the report include:
- Internal and partner threat actors still fairly consistent, while external attacks continue to outweigh insider attacks;
- Espionage-motivated incidents are up again in the 2014 report, possibly due to increased visibility;
- Social engineering, malware, and hacking are on the rise; and
- The use of stolen and/or misused credentials (user name/passwords) continues to be the No. 1 way to gain access to information.
After responding to many questions from the interested audience, Mr. Bonillo encouraged the organizations represented in the room to focus on: (1) gaining better knowledge about their sector and company threat landscape; (2) prioritize intelligence collection and cyber risk management; (3) strengthen partnerships with local law enforcement, policy-makers, and especially with boards of directors; and (4) join information-sharing groups. “If I was a CISO, I would make sure to have a relationship with the local FBA and secret services—you get ahead, you need to be as close to the threat as possible, know what are they investigating today. You need to understand their processes to be able to reach out to them and build a partnership with them.”