Companies risk all by skimping on security say Verizon

Data breach report shows that companies need to wise up on their defence policies

Security

A cover-all security policy won't stop attackers from wreaking havoc within a company's network, says Verizon.

Having published its 2014 Data Breach Investigations Report, Verizon opened the door on a number of interesting statistics on how security incidents operate around the world.

There were 1,367 confirmed data breaches in 2013 in which the attacker successfully extracted data. This figure is dwarfed by, what Verizon feels, is the more important fact: 63,437 cases of malicious attack were reported, any of which may or may not have resulted in a data breach.

Of all of those incidents, including others that the firm has studied in the last decade, 92 per cent fall into nine distinct categories. Ranging from DDoS attacks to point-of-sale intrusions, all have been responsible for some form of attack on a company.

The hacking community, according to Eddie Schwartz, vice president of global cybersecurity at Verizon, will always look for the weakest point of entry to a network regardless of which tactic they are using.

Most companies have created a mile wide and inch deep security policy where "the bad guys will just drive around it and steal all of the valuables," he told journalists.

"Where there isn't a vulnerable system there is a vulnerable person," added Verizon investigative response unit co-founder Chris Novak.

Phishing campaigns conducted by criminals target C-level executives with social-engineering, pretending to be old acquaintances and business trip colleagues while attaching payloads of dangerous malware.

Breaches are easily avoidable, though, according to Verizon's Risk team manager Paul Pratley. Implementing two-factor authentication, limiting the available access to outside vendors (who can become easily compromised) and limiting admin control can all improve network security.

To completely secure a network however, requires resources that many enterprises simply don't have. Companies are continually having to pick and choose what kinds of protection that they can afford, exposing themselves in the process. This might lead, according to Schwartz, to security-as-a-service becoming a prominent market in the future:

"In the next three years there will be a tsunami of companies avoiding security altogether and using providers, in much the same way as the cloud is used today," he told IT Pro.

Featured Resources

2021 Thales cloud security study

The challenges of cloud data protection and access management in a hybrid and multi cloud world

Free download

IDC agility assessment

The competitive advantage in adaptability

Free Download

Digital transformation insights from CIOs for CIOs

Transformation pilotes, co-pilots, and engineers

Free download

What ITDMs did next - and what they should be doing now

Enable continued collaboration and communication for hybrid workers

Recommended

Pizza chain exposed 100,000 employees' Social Security numbers
data breaches

Pizza chain exposed 100,000 employees' Social Security numbers

19 Nov 2021
83% of critical infrastructure companies have experienced breaches in the last three years
cyber security

83% of critical infrastructure companies have experienced breaches in the last three years

11 Nov 2021
Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021