/pcq/media/agency_attachments/L8pkS8gpnodJThOdAfv1.jpg)
Follow UsVerizon security researchers have found that 92% of the 100,000 security incidents analyzed over the past ten years can be traced to nine basic attack patterns that vary from industry to industry. This finding will enable a more focused and effective approach to fighting cyber threats.
This year's report found that on average, just three threat patterns cover 72 percent of the security incidents in any industry. For example, in the financial services sector, 75 percent of the incidents come from web application attacks, distributed denial of service (DDoS) and card skimming, while 54 percent of all manufacturing attacks are attributed to cyber espionage and DDoS. In the retail sector, the majority of the attacks are tied to DDoS (33 percent) followed by point-of-sale intrusions (31 percent).
The Nine Common Threat Patterns
1. Miscellaneous errors like sending an email to the wrong person
2. Crimeware (various malware aimed at gaining control of systems)
3. Insider/privilege misuse
4. Physical theft/loss
5. Web app attacks
6. Denial of service attacks
7. Cyber espionage
8. Point-of-sale intrusions
9. Payment card skimmers
Click "Next" below to know the other key findings
*Cyber-espionage is up again, representing more than three-fold increase compared to 2013, with 511 incidents partially due to a bigger dataset. In addition, these attacks were found to be the most complex and diverse, with a long list of threat patterns. Like last year, China leads as the site of maximum cyber espionage activity.
*For the first time, the report examines distributed denial of service attacks (DDoS). They are common to the financial services, retail, professional, information and public sector industries. The report points out that DDoS attacks have grown stronger year-over-year for the past three years.
*The use of stolen and/or misused credentials (user name/passwords) continues to be the No. 1 way to gain access to information. Two out of three breaches exploit weak or stolen passwords, making a case for strong two-factor authentication.
*Retail point-of-sale (POS) attacks continue to trend downward, exhibiting the same trend since 2011. Industries commonly hit by POS intrusions are restaurants, hotels, grocery stores and other brick-and-mortar retailers, where intruders attempt to capture payment card data. While POS breaches have been in the headlines lately, it is not indicative of the actual picture of cybercrime.
*While external attacks still outweigh insider attacks, insider attacks are up, especially with regard to stolen intellectual property. The report points out that 85 percent of insider and privilege-abuse attacks used the corporate LAN, and 22 percent took advantage of physical access.