Verizon Security Research Identifies Cyber Crime Patterns

By Ally Orlando, contributing writer

Verizon Communications Inc. security researchers recently found that 92 percent of security incidents can be traced to nine basic attack patterns, the Wall Street Journal reports. These findings were the result of the company’s 2014 Data Breach Investigations Report (DBIR), which analyzed 100,000 security incidents over the past decade.

The information gleaned from Verizon research could help technology companies take a more effective approach to combatting cyber crime.

“The 2014 DBIR will advance how we approach cyberthreats as an industry and through our intelligence-gathering enable enterprise organizations to more strategically determine their best defense,” says Eddie Schwartz, vice president of global cybersecurity and consulting solutions at Verizon Enterprise Solutions.

Wade Baker, principal author of the report, stresses that no business is immune from data breach. He also points out that it often takes businesses weeks or months to identify security incidents, but it only takes minutes or hours for cyber criminals to penetrate.

To allow companies to identify cyber threats more quickly and accurately, the 2014 DBIR highlighted the following patterns:

1. Miscellaneous errors such as sending an email to the wrong person
2. Crimeware (various malware aimed at gaining control of systems)
3. Insider/privilege misuse
4. Physical theft/loss
5. Web app attacks
6. Denial of service attacks
7. Cyberespionage
8. Point-of-sale intrusions
9. Payment card skimmers

The 2014 DBIR marks the first time that the report examined distributed denial of service attacks – cyber crimes intended to compromise network and system availability, which can result in website obsolescence. This particular crime pattern is common in the financial services, retail, professional, information and public sector industries and have increased year-over-year for the past three years.

Threat patterns vary from industry to industry, with an average of three threat patterns covering 72 percent of security incidents in each. In the financial services sector, for example, 75 percent of incidents are a result of web application attacks, distributed denial of service and card skimming.

The most common way that cyber criminals gain access to information continues to be the use of stolen and/or misused credentials, such as usernames and passwords. Verizon suggests that, to combat these threats, companies should employ more complex, two-factor authentication.

POS intrusions, where cyber criminals attempt to capture payment card data, are common in restaurants, hotels, grocery stores and brick-and-mortar retailers. However, the DBIR reports that cyber crimes involving retail POS have continued to trend downward since 2011.

“After analyzing 10 years of data, we realize most organizations cannot keep up with cybercrime,” Baker says. "But by applying big data analytics to security risk management, we can begin to bend the curve and combat cybercrime more effectively and strategically.”