Nine basic attack patterns constituted 92 per cent of cybersecurity incidents over the last 10 years according to the latest report from Verizon.
The US telco released the tenth installment of its data breach investigations report (DBIR).
Cyberespionage is up in 2014, over three times what it was the previous year. These attacks were more intricate and varied than those in previous years. China remains the world leader in cyberespionage activity. Eastern Europe also had a strong showing with over 20 per cent.
Verizon said its security researchers used advanced analytic techniques to discover that 92 per cent of all security incidents over the last ten years can be traced to nine basic attack patterns that vary from industry to industry.
The company said that its report will assist organisations in having a more focused and effective approach to combating cyber threats.
The report’s principal author, Wade Baker, said ten years of analysis made the company realise most organisations were ill equipped to deal with cybercrime.
“The bad guys are winning. But by applying big data analytics to security risk management, we can begin to bend the curve and combat cybercrime more effectively and strategically.”
“Organisations need to realise no one is immune from a data breach. Compounding this issue is the fact that it is taking longer to identify compromises within an organisation – often weeks or months, while penetrating an organisation can take minutes or hours.”
The nine threat patterns are identified in the report as miscellaneous errors such as sending an email to the wrong person; crimeware (various forms of malware sold as a product to gain control of systems); insider/privilege misuse; physical theft/loss; web application attacks; denial of service attacks; cyberespionage; point-of-sale intrusions; and payment card skimmers.
The 2014 report showed an average of three threat patterns encompass 72 per cent of all security incidents in any industry.
In financial services, 75 per cent of incidents come from web application attacks, distributed denial of service (DDoS) and card skimming. In manufacturing, 54 per cent are attributed to cyberespionage and DDoS. In retail, the majority attacks are tied to DDoS (33 per cent) followed by point-of-sale intrusions (31 per cent).
The report warns that no organisation in any industry is immune to the ever present threat of cyber criminality. No matter how sophisticated a security system, the dynamic and pernicious nature of cyber threats means no organisation can afford to rest on its laurels.