Chris Griesemer , CPA , Data Breach , General Business Advice , MO , Springfield , Technology
Top Findings from Verizon 2015 Data Breach Investigations Report
written by Chris GriesemerEvery year Verizon comes out with its Data Breach Investigations Report. This year the report was based on 79,790 security incidents, 2,122 data breaches and 70 contributors. Go to http://www.verizonenterprise.com/DBIR/ to read the full report.Highlights of the Data Breach Investigations Report:
- $400 million is estimated to have been lost from 700 million compromised records.
- CVE stands for Common Vulnerabilities and Exposures. If you look at the details of patches applied to different software, you can find the CVE it is supposed to fix or mitigate. The report found 99% of all exploited vulnerabilities had been compromised more than a year after the CVE was published.
- Most of the attacks exploited know vulnerabilities where a patch has been available for months, often years.
- RAM scraping is a term used with credit card machines at stores. When your credit or debit card is swiped, it takes the number and encrypts it. However, there is a very small amount of time that your number is stored in RAM before it is encrypted and deleted. RAM scraping is basically copying that number, after it has been stored, before it is deleted in a millisecond of time. This type of compromise was found in most of the high profile data breaches of the year.
- In 28% of cases, it took attackers just minutes to steal data.
- In 38% of cases, it took attackers just seconds to compromise systems.
- In more than a quarter of the cases, it took days or even months for organizations to discover the breach.
- 23% of users still open phishing emails and 11% open attachments. These results are better than most marketing campaigns.
- Make sure machines are patched in a timely manner. Automate the patch management process by implementing an application like GFI Languard. It controls patch management and has a vulnerability scanner that allows a business to confirm patches are being applied properly. Credit and debit cards are harder to secure because you are at the mercy of the store you use them at. Most credit card companies have anomaly software that can recognize when you purchase something out of the norm of your spending pattern. Make sure your credit card company is using this software. It is also worth checking into a company like LifeLock that protects your identity in the event your information is stolen.
- Implement a thorough awareness program for phishing. Many new techniques are being used, so it is important to keep your employees updated with the ways hackers are using phishing emails.
View Similar Blogs
Other blogs about cybersecurity and your business
Leveraging Financial Expertise for Smarter Business Decisions
Business strategy and consulting from The Whitlock Co. can help your business define goals and develop actionable plans to achieve sustainable growth. Why should you hire outside experts? Our team...
Future-Proof Your Business With Expert Financial Planning & Analysis
The Whitlock Co. provides financial planning and analysis services for your business or organization. These types of services involve the strategic evaluation of your company’s financial health,...
Complete Guide to Our Business Advisory & Accounting Services
In today’s dynamic, fast-paced business landscape, deciding to hire an accounting firm to help your business means you get more than a team crunching numbers. An accounting firm is a strategic...