Verizon’s 2015 Data Breach Report Shows Threats Old and New to Watch

The more things change, the more they stay the same. An old saw, that one, but one that needs to be considered nonetheless.

Verizon’s recent report, titled “2015 Data Breach Investigations Report,” shows that cyberattacks are getting a lot more sophisticated, but at the same time, the classics aren’t losing a lot of ground either.

Perhaps the most disturbing point of the Verizon report came from the news that 70 percent of cyberattacks involved at least two classic techniques brought together at once, commonly phishing and hacking.

Many of these new attacks involved a secondary victim, meaning that not only are the schemes getting more complex, so too is the attendant fallout.

That’s bad enough, but it actually gets worse when considered in the light of another point the study revealed: many vulnerabilities that were around even back in 2007 are still around to this day. Security patches designed to fix these vulnerabilities were never actually implemented. Just to top it off, in roughly six out of 10 breaches, attackers can compromise an organization in a matter of minutes.

Sounds like a disaster in the making, doesn’t it? But that’s just it; the report also notes that many of these problems can be countered with just a better awareness of the problem.

The report notes that mobile threats are overblown, that exploited security vulnerabilities in mobile devices are actually quite negligible.

There are even nine fairly standard principles that make up 96 percent of all security incidents, including payment card skimmers, physical theft, Web or app attacks, denial of service, insider misuse, point-of-sale intrusions, crimeware, and outright cyberespionage.

Look at the Dyre Wolf system we talked about not long ago. That system depends on two different attacks working in sequence; the virus gets into the system, then prompts the user to call a number and provide the necessary information to drain an account.

If the virus were intercepted, there would be no problem. If the person didn’t make the call, there would be no problem. But here, both social engineering and malware work together to pull off a major attack. If the person making the call had known about Dyre Wolf and its effects, it would end up stunted at the source. A bit of education would all but stop in its tracks one of the most insidious pieces of malware of the last five years.

This is a great object lesson to take away with us. Hackers aren’t superhumans, despite what pop culture and movies would have us believe. Many common security threats can be addressed right at the user level with just a bit of education.

That’s not an excuse to not keep up with patches and updates, of course, and certainly the need for strong antivirus tools and other perimeter defense tools is just as vital as it ever was. But between all of these tools, the addition of just a little extra knowledge can be the difference.