Verizon Enterprise Solutions (VZ)'s new 2014 Data Breach Investigations Report (DBIR), shows "the bad guys are winning." The report is the result of big data analysis of more than 1,300 confirmed data breaches and more than 63,000 reported security incidents. It concludes that nine basic attack patterns make up 92 percent of security incidents over the last 10 years.
"After analyzing 10 years of data, we realize most organizations cannot keep up with cybercrime – and the bad guys are winning," Wade Baker, the report's principal author, said in a prepared statement. "But by applying big data analytics to security risk management, we can begin to bend the curve and combat cybercrime more effectively and strategically."
The nine types of attacks identified in the report are:
- Crimeware (malware aimed at gaining control of systems)
- Distributed denial of service (DDoS) attacks
- Insider/privilege misuse
- Miscellaneous errors such as sending an email to the wrong person
- Payment card skimmers
- Point-of-sale (POS) intrusions
- Physical theft/loss
- Web app attacks
Researchers said more than 5,900 data breaches have occurred over the last 10 years. In addition, the DBIR revealed no organization is immune to a data breach.
"This year's report offers unparalleled perspective into the world of cybercrime based on big data analysis," said Eddie Schwartz, vice president of Global Cyber Security and Consulting Solutions at Verizon, according to a press release. "The 2014 DBIR will advance how we approach cyberthreats as an industry, and through our intelligence gathering, enable enterprise organizations to more strategically determine their best defense."
Other key findings from the report included:
- Cyberespionage is on the rise and increased more than three-fold compared to the 2013 report. The 2014 report also showed these attacks were among the most complex and diverse.
- DDoS attacks have grown stronger in each of the last three years.
- The use of stolen and/or misused credentials (usernames/passwords) is the number one way to gain access to information, and two out of three breaches exploited weak or stolen passwords.
- The number of retail POS attacks is decreasing.
- Insider attacks are up, and the report points out that 85 percent of insider and privilege-abuse attacks used the corporate local area network (LAN), and 22 percent took advantage of physical access.
The 2014 DBIR features insights from 50 global organizations and is available for download here.