How Partners Can Help Fight Cybercrime: Breaking Down the Verizon DBIR

The headlines can be scary — well-known companies hit with security breaches that cost them millions of dollars and scar their reputations.

But small and medium-size businesses aren’t immune to attacks by malicious hackers. Fortunately, channel partners are in a great position to help businesses fend off such threats.

This one-stop gallery breaks down Verizon’s comprehensive Data Breach Investigations Report and offers advice to solution providers whose customers’ livelihoods could depend on the choices they make to protect them.

Looking for more? Get access to our in-depth report on Verizon’s DBIR here.

**Source material by George Hulme**

Follow executive editor Craig Galbraith on Twitter.

Verizon’s Data Breach Investigations Report is now in its ninth year.

Curiously, after analyzing 2,260 confirmed data breaches and more than 100,000 reported security incidents, the carrier found that businesses are repeating many of the same mistakes.

The report found that 85 percent of successful intrusions rely on the top 10 known vulnerabilities. And a whopping two-thirds start thanks to user credentials that are either stolen, or simply weak.

In fact, human error continues to be the problem behind many breaches, whether it’s improper disposal of company information, IT system misconfigurations, or lost or stolen hardware. More than one-quarter (26 percent) of the errors associated with human error involve users sending sensitive information to the wrong places.

This year, many cybercriminals are using a three-pronged attack.

It starts with a phishing email, which can get a user to click on an internal link that drops a malicious payload onto their system. From there, the attacker finds data and credentials to steal. Then they use those credentials to break into network systems.

Identity management tools – in addition to traditional anti-spam and anti-malware software – can fight this. Web application security also is growing rapidly as the number of web-app breaches grew 33 percent in one year.

Researchers estimate customers will spend nearly $7 billion on application security just five years from now, more than a fourfold increase over spending in 2016. And security-awareness training is growing at a 13 percent annual clip.

Don’t underestimate your opponent. Customers – and sometimes partners – don’t understand all the ways they can be attacked. Do your homework and develop a plan for each of these nefarious methods.

A channel partner is in a position to help a business align its security products and policies. A partner also has the contacts and expertise to help a customer identify and respond to a breach more quickly.

Consider this: Verizon’s DBIR reveals that 99.9 percent of exploited vulnerabilities strike more than a year after a patch is released. That shouldn’t be taken lightly. Security requires regular monitoring.

Too often, a company will buy new security technology without having someone in place who knows how to operate and manage it.

Partners will want to point out to customers that internal IT teams typically don’t see data breaches until it’s too late. Note in the graphic above how law enforcement tends to identify a breach — by then, much is lost.

Here are the basics that just about any customer should have in place:

• Awareness of common attack patterns for their particular industry
• Two-factor authentication for internal applications and other oft-used apps
• Regular patching of software and systems, including end-user devices, servers, routers and switches
• Constant monitoring of all inputs and reviewing of logs to ID malicious activity
• Data encryption — both in transit and at rest.
• Frequent staff training about the latest trends in cyberattacks.
• Data classification to help prioritize what to protect, and how.

Of course, businesses in industries with particular compliance requirements – think health care, financial services, etc. – are likely to need more than the basics. A channel partner will play an even more important role for those companies.

Looking for more? Get access to our in-depth report on Verizon’s DBIR here.

Please click here for more Channel Partners galleries.