While it typically only takes a short amount of time for a successful breach to compromise data, the amount of time it takes for a breach to be discovered is more likely to be months.
This means businesses susceptible to a data breach should do all they can to not only protect data that is likely to be targeted, but also develop a plan to recognize and respond to a breach in a timely manner, according to Verizon’s 2019 Data Breach Investigations Report (DBIR).
The Verizon report, which analyzed the overall cyber threat landscape, actors, actions and assets that are present in breaches and how things are changing over the years, was built upon analysis of 41,686 security incidents. Of those, 2,013 were confirmed data breaches.
The report explained that the time from the attacker’s first action in an event chain to the initial compromise of an asset is typically measured in minutes, while the time to discovery is more likely to be months. Indeed, the report found that 56 percent of breaches took months or longer to discover.
However, the report also noted that discovery time for a breach is dependent on the type of attack. With payment card compromises, discovery is usually based on the fraudulent use of the stolen data, which can typically take weeks or months, while a stolen laptop will usually be discovered much more quickly, the report stated.
Understanding Threats
With this in mind, one key to possibly minimizing the amount of time it takes to discover and respond to a breach is to develop an understanding of what bad actors are currently doing.
Hacking is the most common factor in a breach —the report found that 52 percent of breaches featured hacking. Phishing attacks and hacking through the use of stolen credentials are also prominent methods of carrying out a data breach. Additional methods included the installation and use of backdoor malware.
“These tactics have historically been common facets of data breaches and based on our data, there is still much success to be had there,” the report stated.
The report found that 43 percent of breaches involved small business victims, and 71 percent of breaches were financially motivated. It added that 69 percent of breaches were perpetrated by outsiders, compared to 34 percent that involved internal actors.
Preparing for a Breach
In order to prepare for a potential breach, entities should develop an understanding of what types of data they possess that are likely to be targeted, as well as apply controls to make that data more difficult to access, according to the report’s authors.
Within the financial and insurance industries in particular, the report found 927 incidents, with 207 involving confirmed data disclosure. Web applications, privilege misuse and miscellaneous errors represented 72 percent of breaches, and 43 percent of the data compromised through breaches was personal data.
The report urged financial and insurance companies to use strong authentication on customer-facing applications, any remote access and any cloud-based email. As there were 45 confirmed breaches associated with misuse of privileges, the report stated, companies should monitor and log access to sensitive financial data and make this clear to staff. The report also encouraged companies to spread security awareness not only to their employees, but also to their customers.
“There is little that financial organizations can do to ensure that their customers are running up-to-date malware defenses or make them ‘phish-proof,’ but spreading a little security awareness their way can’t hurt,” the report stated.
The results found in the report are based on a data set collected from a variety of sources such as publicly-disclosed security incidents, cases provided by the Verizon Threat Research Advisory Center (VTRAC) investigators and by Verizon’s external collaborators.
*This story appeared previously in our sister publication Insurance Journal.