Verizon Investigative Report Uncovers Most Common Cyber Incident Patterns

by Mohamad Elbarasse, Analyst

Verizon recently released its annual Data Breach Investigations Report with security incident information from 49 organizations across 95 countries. Though the report is not a comprehensive account of security incidents that occurred in 2013, it is a representative sample of security incidents to date. This is the tenth year that Verizon has conducted such analyses; it showcases the results of historical security data with the most common overall threat patterns, actors, victims and affected industries.

Of the surveyed demographics the public sector had by far the highest number of security incidents in 2013 at close to 50,000. The majority were from large government organizations. The information industry was the next most targeted with 1,132 incidents. The report clarifies that the large volume of incidents reported by the public sector is due in part to a high number of minor incidents. Although, with respect to security incidents with confirmed data loss by the victim, government comes in second with 175 incidents, after the financial industry with 465 confirmed data loss breaches.

Incident patterns that are most prevalent in the government are miscellaneous error, insider misuse, crime-ware, and theft/loss of data with 34%, 24%, 21% and 19% frequency, respectively.

“Incident[s] where unintentional actions directly compromised a security attribute of an information asset” or what the report labels “miscellaneous error” is the leading cause of public sector security incidents. There were over 16,000 reported incidents and more than 400 instances in which data disclosure was confirmed in the overall sample. For each incident pattern the report offers recommended controls to mitigate and prevent these types of incidents in future. For miscellaneous error the report’s top recommendation highlights the importance of implementing data loss prevention software to protect sensitive information delivered by email.

Insider privilege and misuse, the second-most prevalent cause of data breaches in the government, is described by the authors as “any unapproved or malicious use of organization resources.” For insider misuse mitigation the report recommends identity and access management solutions, along with continuous monitoring to observe and track data exfiltration. Access audits should be conducted and published.

The Verizon 2014 DBIR is an excellent resource for setting cybersecurity incident context in a wide range of industries with specific and targeted recommendations to address similar future incidents. Cybersecurity vendors need to familiarize themselves with the main threats plaguing the federal government. This presents solutions opportunities for data loss prevention, identity and access management, continuous monitoring and diagnostics.