Cyber security suffers from a detection deficit
Organisations are struggling with a growing "detection deficit" in dealing with data breaches. Close to 90 per cent of breaches are completed within a day, up from 75 per cent a decade ago, while only about 25 per cent of breaches are discovered within a day.

According to Verizon's latest annual Data Breach Investigations Report, the range of methods used for cyber-attacks is growing and so is the level of sophistication of the attackers, making detection harder. Verizon's data set is made up of over 64,000 incidents, of which 2260 were confirmed data breaches, affecting organisations in 82 countries.

Public sector organisations were the worst affected, accounting for more than half the total number of incidents. Financial services came in third, after entertainment.

However, when only "confirmed breaches" were analysed, the financial services industry was way out in front.

An incident is a security event that compromises the integrity, confidentiality or availability of an "information asset". A confirmed breach is an incident that results in the confirmed disclosure of data to an unauthorised party.

Close to 90 per cent of breaches were external, and financial gain was the motive for the attack in around 80 per cent of cases.

Types of attacks include website breaches, point of sale intrusions and physical skimming attacks, privilege misuse (internal attacks), physical theft or loss, cyber espionage and denial of service attacks.

Websites are a happy hunting ground for cyber criminals. Almost 20,000 incidents involved the use of websites to host malware, participate in distributed denial-of-service attacks or operate as re-purposed phishing sites.

An example of a sophisticated web attack involved infiltrating a content management system to install a "web shell". The shell was used to access payment codes in an ecommerce site to capture online shoppers' payment card number and security number.

Point of sale devices continue to be a source of stolen payment card data. In small businesses it is not unusual to find the POS terminal linked to a computer that is also used for email and social media without any host-based firewall or anti-virus software.

Use of stolen credentials is common in breaches, with 63 per cent involving weak or stolen passwords. Merchants figure prominently in breaches featuring the use of stolen credentials.

Payment card skimming remains one of the most lucrative and easy-to-do crimes. The majority of these attacks involve ATMs, but petrol pump payment terminals also show up in the data.

Phishing is still a popular and effective technique. A typical attack begins with a phishing email, with attached malware designed to steal credentials. In cases analysed, 30 per cent of targets opened phishing emails and 12 per cent went on to click the malicious attachment or link. Those numbers are up on the previous year.

Only three per cent of targeted individuals alerted their organisation's management to a possible phishing email.