Here's what the hack-attack and data breach landscape looked like over the past year, according to the new Verizon 2016 Data Breach Investigations report: Phishing attacks became more successful. Malware continued to be the dominant way that organizations got hacked. The number of ransomware infections increased. And organizations continued to get exploited via vulnerabilities in their IT infrastructure that were months or sometimes even years old.
That's a summary offered by Laurance Dine, managing principal of the investigative response team at Verizon Enterprise Solutions, in an in-depth audio interview with Information Security Media Group.
Verizon based its new report on information from 67 contributing organizations about more than 2,200 breaches across 82 countries. The information was provided by organizations ranging from incident response firms and insurance companies to law firms and government agencies.
Compared to previous years, unfortunately, the leading ways in which organizations get breached have changed little, Dine says. "There's nothing really new in this year's report. It's showing us information that we have seen repeatedly over the last couple of years ... so things aren't necessarily getting better. The stats are showing that the same sort of attacks are happening all the time."
But the frequency of many of those attacks continues to increase. "We're seeing ransomware all the time," he says. "We are responding to these incidents weekly, if not daily. ... Ransomware is definitely on the rise." In addition, while there have been a number of highly publicized ransomware attacks - and sometimes, ransom payments - in the healthcare sector, Dine says such infections are hitting industries across the board.
Phishing Attacks Persist
The success rate for attackers' phishing messages also continues to increase, thanks, in part, to better-crafted attack emails as well as the ease and low cost of such attacks. "If you can sit at your computer in the middle of nowhere and send out a thousand phishing messages, and within five minutes be in one, two, 10 environments, because somebody's clicked on the attachment, it's a very good payload for [criminals]," Dine says.
In this interview, Dine also discusses:
- Why organizations in the financial services and healthcare sectors are frequent breach victims;
- How 2015 data, as well as preliminary 2016 data, show that ransomware infections are continuing to surge;
- The need for greater security awareness training for employees, including training on what to do in the event of a suspected security incident;
- How EU breach notification laws now coming into effect will alter the world's data breach picture.
Dine is a managing principal of the risk team at Verizon Enterprise Solutions and is registered with the U.K. Register of Expert Witnesses in the field of computer forensics. He's completed more than 300 investigations - ranging from high-profile criminal prosecutions to civil litigation cases - and has led numerous on-site investigations in the United Kingdom and elsewhere. He's previously worked as a consultant or digital forensic investigator for a number of firms, including BTG Global Risk Partners, Hobs Legal Docs, Kroll Ontrack and Vogon International. He also served in the U.S. Air Force.