
Opportunistic breaches a significant threat

Rapid7 : 29 April, 2013  (Technical Article)
Rapid7 comments on the Verizon data breach report and notes that the most likely attacks originate from weak credentials

With the release of the 2013 Verizon Data Breach report, Rapid7’s senior manager of security engineering, Ross Barrett, made the following comments:
 
“Reading the 2013 Verizon Data Breach report, one thing is jumping right off the pages: even with all the hype around APTs and Hacktivists last year, an organisation is still far, far more likely to be breached opportunistically, and the most likely vector will be weak or stolen authentication credentials.
 
Verizon identifies Malware as the broadest and most recurrent threat category. Therefore the countermeasures are: reducing the attack surface by removing non-essential applications and services from corporate resources, and fast and comprehensive patching efforts.
 
Verizon reports a jump from 56% to 66% in the number of breaches that move into the “months” range before being detected, which is superficially troubling. This might prompt security teams everywhere to feel that they should step up their logging and analysis. However, it does not necessarily mean that the cost of a breach to an organisation is now growing in proportion with the time it takes to detect the breach.
 
Most data breach attacks are done within a few minutes to hours. The direct cost to the breached organisation will not vary if the breach is then detected the next day, the next week, or even at the end of the year. If a breach can’t be prevented, or at least interrupted, the net time to correction only matters in the rare case where the persistent threat is continuing to leech information or the attacker(s) keep coming back to the watering hole – which arguably could be called distinct breaches.
 
It should be pointed out that nothing in this report directly relates to the individual. There are no numbers in the report about how many people have their personal banking compromised because they lost their smartphone or were hit by a drive-by malware downloader; however, to some degree we can extrapolate that the root theme of opportunistic attacks is equally affecting the average person as it is the organisations.”

   © 2012 ProSecurityZone.com