Verizon's New Data Breach Report: An AnalysisExpert Insights on the Implications of Continuing Trends
The spread of breaches tied to cyber espionage is among the key findings of the Verizon Data Breach Investigations Report 2017, says Ashish Thapar, a managing principal at Verizon Enterprise Solutions.
Manufacturing, public sector organizations and educational institutions are the top targets for cyber espionage attacks, the report finds. "We see cyber espionage attacks hitting these sectors hard," Thapar says.
The report indicates that the primary motives for these attacks are to obtain sensitive personally identifiable information or proprietary information/intellectual property, he explains. For attacks aimed at educational institutions, valuable research data is the target (see: Analysis: Verizon's 2017 Data Breach Digest).
The Business of Malware
Verizon's report, Thapar says, also found that "malware is becoming a big business. We also see a lot of attacks through ransomware. Sometimes these ransomware attacks are just to extort money from the victims. Other times they serve as a smokescreen for other attacker activity in the background."
Thapar acknowledges that the 10th annual report reflects a continuation of breach trend patterns seen in recent years, rather than any major new threats. The report analyzed data from 65 organizations worldwide on 42,000 incidents and 1,935 breaches.
Even small and midsize enterprises are increasingly become breach targets as attackers seek out softer targets, Thapar says the report shows.
"These organizations really need to guard and make it difficult for the bad guys," he says. "Unlike determined advanced threat actors, most opportunistic attacks will move away and look for softer targets if you make it a little difficult for them."
In this exclusive, in-depth interview (see audio player link below image), Thapar shares further insight on:
- The current trends revealed in the latest report;
- How these trends and affecting enterprises;
- Recommendations for how organizations can prepare themselves to counter these risks.
Thapar is the managing principal, risk services - APJ, at Verizon Enterprise Solutions. His experience includes designing, implementing and managing information security management systems for multiple organizations. Thapar has written several white papers and articles on information security topics. He also has been a featured speaker at several industry events.