Pattern Recognition: The First Step to Reducing Risk Is Recognizing Threats
April 25, 2014
- Businesses and governments alike are facing unprecedented cybersecurity challenges as the threat environment becomes more virulent and complex and as more data is digitized.
- Yet, as difficult and complicated as it can be to mount an effective defense today, threats share some common traits. The latest Verizon Data Breach Investigations Report uncovered the fact that the majority of security incidents fit into one of nine distinct patterns.
In an era where cybercrime and its costs to business and government are escalating at a breakneck pace, resource-constrained enterprises are struggling to keep ahead of the threats. One of the issues made clear by incidents such as the 2013 Target breach is that organizations often have the information, but their IT teams are drowning in so many alerts and false alarms that they fail to focus on the most damaging threats. Unfortunately, too many IT teams are simply overwhelmed by the volume of incident data and the mysterious sources of cyber-attacks.
One of the best weapons any enterprise has against the unknown is the ability to establish patterns that reveal critical information. With respect to threats, analytics is helping uncover previously unseen commonalities that can help organizations better understand the nature of both the attackers and the incidents themselves. This crucial information can provide enterprises with insights they need to design a better defense against the biggest risks to operations and data integrity and security.
Verizon’s most recent annual Data Breach Investigations Report (DBIR) is helping shed light on how, as complex as the threat environment seems, most incidents share traits with other events. Analyzing data on thousands of confirmed breaches and security incidents over the course of the last decade, the Verizon breach report finds that events can be categorized into nine distinct threat patterns. These include: miscellaneous errors, crimeware/malware, insider/privilege misuse, physical theft/loss, web app attacks, denial of service attacks, cyber espionage, point-of-sale intrusions, and payment card skimmers.
Nine categories can still be overwhelming. Where the study really adds useful insight is when it examines the captured information by industry. Verizon discovered that in any given vertical industry, three threat patterns account for the majority (on average 72%) of incidents. So, in healthcare, for example, physical loss/theft, miscellaneous errors, and insider misuse are responsible for the overwhelming majority of breaches. Organizations can focus more of their policy and skill development, as well as their threat defense, on addressing these particular threats to continuity and assets.
How good a gauge do you have on the nature of threats and risk in your organization and your industry? What gaps remain as you try to reduce your risk?