NEW YORK—A new report reveals that while cyberattacks are becoming increasingly sophisticated, many criminals still rely on decades-old techniques such as phishing and hacking.
The study also finds that concerns over mobile threats are overblown.
According to Verizon’s 2015 Data Breach Investigations Report, the bulk of the cyberattacks (70%) use a combination of new and old-school techniques and involve a secondary victim, adding complexity to a breach.
Another troubling area, the report indicated, is that many existing vulnerabilities remain open, primarily because security patches that have long been available were never implemented. “In fact, many of the vulnerabilities are traced to 2007 — a gap of almost eight years,” the report explained.
Verizon researchers point out the “detection deficit” — the time that elapses between a breach occurring until it’s discovered. “Sadly, in 60% of breaches, attackers are able to compromise an organization within minutes.”
Yet the report cites that many cyberattacks could be prevented through a more vigilant approach to cybersecurity.
“We continue to see sizable gaps in how organizations defend themselves,” said Mike Denning, vice president of global security for Verizon enterprise solutions. “While there is no guarantee against being breached, organizations can greatly manage their risk by becoming more vigilant in covering their bases. This continues to be a main theme, based on more than 10 years of data from our ‘Data Breach Investigations Report’ series.”
The report indicates that, in general, mobile threats are overblown. In addition, the overall number of exploited security vulnerabilities across all mobile platforms is negligible.
Verizon said the data reaffirms the need for organizations to make security a high priority when rolling out next-generation intelligent devices.
Verizon security researchers explained that the bulk (96%) of the nearly 80,000 security incidents analyzed this year can be traced to nine basic attack patterns that vary from industry to industry. The nine threat patterns are: miscellaneous errors, such as sending an e-mail to the wrong person; crimeware (various malware aimed at gaining control of systems); insider/privilege misuse; physical theft/loss; web app attacks; denial-of-service attacks, cyberespionage; point-of-sale intrusions and payment card skimmers.
The report found that 83% of security incidents by industry involve the top three threat patterns, up from 76% in 2014.