June #SecChat Recap: Findings from the 2016 Verizon DBIR

This year’s highly anticipated Verizon 2016 Data Breach Investigations Report (Verizon DBIR) analyzed cybersecurity findings from 100,000 incidents and 2,260 confirmed breaches, taking a deep dive into popular attack types and threats in 2015. During our June Twitter #SecChat, we discussed findings from the report, and examined prominent threats and their impact on industries. Participating in this chat were experts from Intel Security, Verizon, and other industry thought leaders. This lively conversation surfaced enlightening security insights and opinions. Here are some of the highlights:

Once again, phishing tops the list of attack vectors in the DBIR. Why do you think this method is so successful?

To start the chat, we asked participants for their take on phishing—one of the top attack vectors in 2015 according to the DBIR. Participants offered potential reasons for its success, as well as tips for prevention. Intel Security’s @Matt_Rosenquist stated that phishing continues to succeed because the attack is easy and requires only novice-level skill to execute. @Marc_Spitler of Verizon followed up, emphasizing that all it takes is a single click for an attack to launch. Overall, experts suggested a heightened security culture, education, and employee awareness as ways to mitigate this attack vector.


The DBIR shows a steep drop in market prices for stolen payment cards. Does that mean card theft will become unprofitable?

#SecChat participants expressed wariness around card theft, sharing ideas on why dark web prices may be plummeting. Intel Security’s @Raj_Samani pointed out that with the lower cost of attack has come a growing ROI—no signs of an unprofitable future. @jc_vazquez added that due to reduced profit from payment card theft, hackers have turned to stealing more valuable user data. @Matt_Rosenquist argued that a drop in market price relates to growth in supply, rather than a decline in demand—and that this threat type is still growing.


Consistent with headlines, the DBIR reports a significant increase in ransomware. How can businesses slow its growth?

#SecChat participants agreed that ransomware’s complex nature doesn’t lend itself to one simple solution. As the problem continues to evolve, the industry response remains diverse. @Securelexicon pointed out attackers’ growing customer service skills and diligence when picking targets—selecting those who will drive the highest return. @Raj_Samani agreed that the threat’s increased focus on targeting verticals is a growing worry, possibly more problematic than the original scattered approach. @Marc_Spitler proposed that the security community’s focus should shift to limiting ransomware’s impact, a more feasible approach than trying to slow its growth. In addition, @Zulfikar_Ramazan argued that a shift in security strategy is the true solution to the problem, with a refocus on the human element of the threat.

Our #SecChat provided some great insights from both the Verizon 2016 DBIR and the cybersecurity landscape as a whole. Thank you to everyone who joined the conversation! You can view the entire discussion on Twitter using the #SecChat hashtag. Be sure to follow @IntelSec_Biz to stay informed about upcoming chats!

