Lessons Learned for the Network from the Verizon Data Breach Report
bymschiff05-23-201407:54 AM - edited 06-27-201408:11 AM
Last month, Verizon published its annual Data Breach Investigations Report (DBIR). Most in the industry agree that this is one of the best security reports available, and if you are involved in or have any interest in cybersecurity, then reading it is a must. The report covers nearly every type of security issue out there, and provides data from 50 global organizations representing 95 countries, which saw 1,367 confirmed data breaches and 63,437 security incidents in 2013. After reading the report once over, my first thought was, “Wow, this is not good, we are all in trouble…” I am sure this was a common response for most after reading nearly 60 pages of very comprehensive (read: overwhelming) data and findings on security threats such as web app attacks, cyber-espionage, DOS attacks, crimeware, insider threats, etc., etc. No matter what type of organization you work within, if you are responsible for security, sleeping after reading the report may prove to be difficult. While the industries one would expect to see with the most number of security incidents were at the top of the list (1. Finance, 2. Public Sector, 3. Retail), the report showed that every industry is vulnerable.
One of the most startling findings in the report was the comparison (or rather contrast) of the time to compromise vs. the time to discovery of attacks over the past ten years. Simply put, attackers are getting better and faster at a higher rate than the people trying to defend the attacks, and it's not even close. When the breach occurs on the network, the gap between time to compromise and discovery widens. The research can be sliced and diced in a million different ways, but I found that one of the key takeaways is that precautions should and must be taken at all points of an IT infrastructure. While the network is not the most common place for an attack to occur, it must be considered. The report recommends that secure network segmentation will help greatly, and is the key to eliminating a widespread breach across the entire organization, or as the report puts it, “a straight shot from patient zero to full-fledged plague”.
The network, in particular, is a target for cyber-espionage. This is important, and unfortunate, because cyber-espionage has seen consistent and significant growth of incidents over the last several years; making it one of the fastest growing security trends the report indicates. The report defines cyber-espionage as incidents which include unauthorized network or system access linked to state-affiliated actors and/or exhibiting the motive of espionage. The number of cyber-espionage incidents from 2012 to 2013 tripled, and in 2013 nearly 60 percent of incidents had confirmed data loss. Besides growth, another concerning issue for cyber-espionage is that the cost of such attacks is difficult to quantify, yet by all accounts very significant. According to a 2013 report by McAfee, the global economic losses from cyber-espionage and crime were estimated between $80 billion and $400 billion per year.
It is clear from the report that data privacy cannot be taken for granted by anyone and organizations must proactively apply multiple layers of protection for their data and their customer’s data. On the network for data-in-flight, encryption is the gold standard. By encrypting certain sensitive segments of the network, organizations can rest easier about the vulnerability of their network to data breaches. However, encryption of the network has often been met with skepticism because of concerns about loss of performance and added complexity. A new model is required, one that provides seamless and high-performance encryption for end-to-end (site-to-site and hop-by-hop) data privacy. Brocade is delivering a data privacy solution that does just that and consists of multiple products optimized for the enterprise and public campus, enterprise and service provider data centers, and workloads deployed in cloud providers and remote offices. I invite you to learn more about this solution here.
The Verizon DBIR proves that no matter what type of network you have, whether it is public or private, measures must be taken to reduce risk. This point is important because as the report points out, while much of the research indicates what is wrong in cybersecurity, the purpose of the report is to help organizations make decisions on how best to battle these threats. It is a fascinating report, and I encourage you to read it.