A year ago Verizon identified a number of data-breach attack patterns but researchers came to the realization too late. Deadlines associated with its annual report prevented it from diving in.
This year, Verizon’s 2014 Data Breach Investigations Report concluded almost all confirmed data breaches collected in 2013 can be described by nine patterns—point-of-sale intrusions (POS), web app attacks, insider misuse, physical theft/loss, miscellaneous errors, crimeware, card skimmers, denial of service (DoS) attacks, and cyber espionage.
These nine patters describe 94 percent of data breaches in 2013 and 95 percent of breaches over the last three years. Applied to security incidents, the nine patterns can explain 92 percent.
“This approach shows extreme promise as a way to drastically simplify the seemingly endless array of threats we must deal with to protect information assets,” Verizon said.
While POS attacks grabbed headlines in 2013, web app attacks accounted for 35 percent of 1,367 recorded breaches in 2013—followed by cyber espionage (22 percent) and POS intrusions (14 percent).
However, POS intrusions make up 31 percent of all breaches (2,861) recorded from 2011 to 2013.
Using the theory that all breaches can be traced to one of nine patterns, Verizon set up a chart and mapped the frequency of each incident classification per industry based on more than 63,000 security incidents. Verizon said 50 organizations in 95 countries contributed to the report.
POS attacks are indeed a problem, but they aren’t the biggest problem to all industries. But the accommodation industry (hotels, bars, restaurants, etc.) can now easily see–if they hadn’t already known–that it is a huge problem for them. About 75 percent of incidents in the accommodation industry are POS attacks.
And yes, the retail industry certainly has it’s share of POS attacks (31 percent), but it has an almost equal amount (33 percent) of DOS incidents, according to Verizon’s research.
Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].
