New threats, old tricks

Verizon's latest Data Breach Investigations Report finds hackers using old techniques to compromise corporate IT and steal data

Inside the Enterprise: In the IT security world, as in so much of technology, there is a fascination with the new. Identifying new and emerging threats is an obsession, and a business, for plenty of people in the industry. CIOs need to be kept abreast of any new risks their organisations might face.

Hackers, though, appear less fixed on new techniques. According to the latest Data Breach Investigations Report, compiled by Verizon, criminals are relying on phishing and hacking methods that have been around for years, if not decades.

Verizon which carries out this research annually says that 70 per cent of cyberattacks are now combined or blended attacks, using a mix of methods to overcome enterprises' defences. These include social engineering and phishing as well as hacking.

As many as 70 per cent of the attacks also use a secondary victim, making defence and attribution harder.

But Verizon is also warning that too many attacks are able to make use of vulnerabilities and exploits that could and should have been patched some time ago. Researchers found significant numbers of vulnerabilities that dated back to 2007. Even in a busy IT department, there are few excuses for leaving a vulnerability unpatched that long.

Simple errors or oversights of this type such as failing to apply patches, update security software or hardware, or to keep up employee training only serve to make cybercriminals' work easier.

It also allows hackers to exploit another trend: for malware to sit on systems, undetected, for long periods of time. So-called "advanced persistent threats" set out to be stealthy, so they can avoid the attention of security teams and extract data over an extended period of time.

Hackers are also hiding malware on organisations' networks, often using known vulnerabilities, or be activated to attack networks later, at will.

As Verizon's researchers point out, the fact that hackers are exploiting known and often old vulnerabilities means that many of the current attacks could be stopped.

The company points to some fairly measures to do this, including raising security awareness, using two-factor authentication and encryption, prompt patching and paying attention to both physical and virtual security.

Financially, this also makes sense. One interesting part of this year's Verizon DBIR is the attempt to quantify the cost of breaches.

The firm has reviewed almost 200 cyber insurance claims, and found that a breach involving the loss of 10 million records ranges between $2.1 million and $5.1 million and could even cost as much as $74 million. "We now know that it's rarely, if ever, less expensive to suffer a breach than to put the proper defence in place," said Verizon's Mike Denning.

If that's not an incentive to review security policies, then it is hard to know what is.

 Stephen Pritchard is a contributing editor at IT Pro.

Featured Resources

How to be an MSP: Seven steps to success

Building your business from the ground up

Download now

The smart buyer’s guide to flash

Find out whether flash storage is right for your business

Download now

How MSPs build outperforming sales teams

The definitive guide to sales

Download now

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now

Recommended

Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
Peloton security bug could expose user data
data protection

Peloton security bug could expose user data

6 May 2021
Tens of thousands of Pennsylvanians health data exposed following data breach
data protection

Tens of thousands of Pennsylvanians health data exposed following data breach

4 May 2021
Cost of a data breach report 2020
Whitepaper

Cost of a data breach report 2020

30 Apr 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Dell XPS 17 (2021) review: A big laptop for big jobs
Laptops

Dell XPS 17 (2021) review: A big laptop for big jobs

10 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021