
Insights from the 2015 Verizon DBIR

The 2015 Verizon Data Breach Investigations Report (DBIR) was published this week, and it’s full of insights on recent data breaches and recommendations to fortify your organization against the latest threats.

For those who are new to this report, it is an annual publication that investigates security incidents across public and private organizations around the world, with a specific focus on data breaches.

While there are many interesting points to note in the report, here are my top highlights from the DBIR.

Malware

RAM scraping malware aimed at point-of-sale (POS) systems grew significantly in 2014, headlining incidents such as the Target case.

While memory scraping malware was observed in 2011, in recent years more advanced versions have impacted major retailers and have broadened to multiple industries. 

Source: Verizon DBIR, page 5

The effects of this class of malware have trickled into the most recent compliance requirements, as noted in Jeff Man’s blog on the latest PCI DSS standards.

The important point here is that continuously monitoring your networks for this class of malware is essential to improving protection. Organizations that want to monitor for signs of such malware should choose a solution that includes checks for known POS malware families (POSRAM or Backoff, for example), such as Tenable’s SecurityCenter Continuous View (CV).

Vulnerabilities

The DBIR notes that 99.9% of exploited vulnerabilities were exploited more than a year after the associated CVE was published. Furthermore, the top ten CVEs accounted for almost 97% of the exploits observed in 2014, as shown below.

Source: Verizon DBIR, page 18

Related to this is the trend in cumulative percentages of exploited vulnerabilities. The graph below indicates a critical need to address publicly announced vulnerabilities in a timely fashion, since more than 50% of CVEs are exploited within the first 4 weeks of the CVE being published.

Source: Verizon DBIR, page 18

Regardless of which vulnerability management solution is chosen, organizations could vastly improve their security postures by addressing the top vulnerabilities in an expedient manner.

Note that the report findings also indicate that older vulnerabilities (more than 10 years) are still being exploited, so solutions that include broad coverage of older vulnerabilities should be considered. Here are examples of a report and a dashboard that illustrate CVE analysis provided by Tenable’s SecurityCenter CV solution. 

Patching

71% of known vulnerabilities had a patch available for more than a year prior to a breach. The DBIR states that a patch deployment strategy focusing on vulnerability coverage is far more effective at preventing data breaches than “fire drills” attempting to patch particular systems as soon as the patches are released. 

If there’s one thing that eludes me, it is the vast amount of resources and dollars spent purchasing the latest malware products while hosts remain vulnerable to CVEs that are well identified and can be readily addressed with regular patching.

In fact, Tenable solutions are integrated with major patch management systems to help organizations correlate the results of patching systems with the results of vulnerability scanning to identify gaps in the patching process. 
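As an added illustration of the coverage-first triage that the Vulnerabilities and Patching sections argue for (this is not code from the post or from Tenable's products), the script below takes constructed scan findings with hypothetical CVE ids and dates, buckets open findings by CVE age against the report's time windows, computes the share whose patch has been available for more than a year, and ranks CVEs by affected-host count with cumulative coverage so the patch queue is ordered by coverage rather than by whichever advisory is newest.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Finding:
    host: str
    cve: str                        # hypothetical CVE id (constructed, not a real CVE)
    published: date                 # date the CVE was published
    patch_released: Optional[date]  # vendor patch date; None if no patch exists yet

# Constructed sample scan output as of a fixed date (not real data, not DBIR data).
SCAN_DATE = date(2015, 4, 15)
FINDINGS: List[Finding] = [
    Finding("pos-01", "CVE-EXAMPLE-0001", date(2013, 1, 10), date(2013, 1, 20)),
    Finding("pos-02", "CVE-EXAMPLE-0001", date(2013, 1, 10), date(2013, 1, 20)),
    Finding("pos-03", "CVE-EXAMPLE-0001", date(2013, 1, 10), date(2013, 1, 20)),
    Finding("web-01", "CVE-EXAMPLE-0002", date(2014, 9, 1), date(2014, 9, 10)),
    Finding("web-02", "CVE-EXAMPLE-0002", date(2014, 9, 1), date(2014, 9, 10)),
    Finding("db-01", "CVE-EXAMPLE-0003", date(2004, 6, 1), date(2004, 6, 15)),
    Finding("web-01", "CVE-EXAMPLE-0004", date(2015, 4, 1), None),
]

def age_buckets(findings: List[Finding], as_of: date = SCAN_DATE) -> Dict[str, int]:
    """Count open findings by CVE age: within 4 weeks, within a year, within 10 years, older."""
    edges = ((28, "<=28d"), (365, "<=1y"), (3650, "<=10y"))
    buckets = {"<=28d": 0, "<=1y": 0, "<=10y": 0, ">10y": 0}
    for f in findings:
        age = (as_of - f.published).days
        label = next((lbl for limit, lbl in edges if age <= limit), ">10y")
        buckets[label] += 1
    return buckets

def stale_patch_share(findings: List[Finding], as_of: date = SCAN_DATE,
                      min_days: int = 365) -> float:
    """Fraction of findings whose patch has been available longer than min_days (cf. the DBIR's 71%)."""
    stale = [f for f in findings
             if f.patch_released is not None and (as_of - f.patch_released).days > min_days]
    return len(stale) / len(findings) if findings else 0.0

def top_cves_by_coverage(findings: List[Finding], n: int = 10) -> List[Tuple[str, int, float]]:
    """Rank CVEs by affected-host count with the cumulative share of all findings each one
    closes, so the patch queue is ordered by coverage rather than by the newest advisory."""
    counts = Counter(f.cve for f in findings)
    total, running, ranked = sum(counts.values()), 0, []
    for cve, hosts in counts.most_common(n):
        running += hosts
        ranked.append((cve, hosts, running / total))
    return ranked
```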

Mobile devices

The DBIR notes that while mobile devices are clearly vulnerable, they are not the preferred vector for data breaches. The report notes that threat actors are using other methods outside of mobile. But organizations should not ignore mobile, and should strive for visibility first and then control. This will be critical if the threat landscape changes.

To help organizations identify vulnerable mobile devices, Tenable’s Nessus integrates with major MDM solutions to provide mobile device vulnerability information. When combined with technologies like Tenable’s Passive Vulnerability Scanner (PVS), organizations can extend coverage to both managed and unmanaged devices, giving them better visibility into iOS and Android devices when the threat landscape does change.

Effectiveness

40% of controls deemed most effective fall into the Council for Cybersecurity’s Critical Security Controls (CSC) “Quick Win” category. As the DBIR authors put it:

“The results of this process actually reinforce things we’ve said in the past: Don’t sleep on basic, boring security practices. Stop rolling your eyes.”

Check out how Tenable is helping to distill these and other recommendations into 5 critical cyber controls that organizations can implement and use to measure the effectiveness of security in business context with SecurityCenter’s Assurance Report Cards (ARCs).

This summary just scratches the surface of Verizon’s findings, so please read the entire DBIR report to learn about other key findings that may be more relevant for your organization. While there is plenty of information in the report, the sheer length of the report (70 pages) can be a challenge to read and to determine if you are vulnerable or a potential victim. But the report is engaging and enlightening, a necessary professional read. Enjoy it!
