skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration

Ovum view

Summary

The 11th edition of Verizon’s Data Breach Investigations Report (DBIR) has been released. As always, the use case examples are fascinating. However, the underlying message is that in today’s always-connected world, compromise is inevitable, but organizations can proactively protect their valuable information and systems.

Outsiders lead the cyberattack charge

In the report, Verizon looks at patterns evident in over 53,000 incidents (a security event that compromises the confidentiality, integrity, or availability of information) and in excess of 2,200 breaches (resulting in the confirmed exposure of information to an unauthorized party).

The report notes that in 2017, 73% of breaches originated with outsiders. Organized crime is the leading external perpetrator, followed by unaffiliated, state affiliated, nation state, and former employee. Furthermore, 28% of breaches involved insiders, indicating that outsiders are using tactics such as social engineering to take advantage of insiders, resulting in breaches.

Financial gain is the main motivator for security incidents, followed by cyber-espionage. A fantastically James Bond-esque term, cyber-espionage covers a range of incidents, from stealing state secrets through to gaining advanced knowledge (intellectual property) of a competitor’s new product blueprints prior to a patent being applied for. These two categories account for about 90% of all breaches. “Fun” is the next-highest motivator (an attacker intent on gaining kudos), with “grudge” in next place, which could be a disgruntled former employee, contractor, or customer determined to cause problems.

By far the greatest volume of actions resulting in incidents and breaches is distributed denial of service (DDoS), followed by loss (in error), phishing, misdelivery (in error), and ransomware. The list goes on.

When breaches are successful, the time to compromise is quick, a matter of hours or less. Think of it in terms of the cyberattack chain: once a threat is inside the network or system, it rapidly reaches the target to compromise the desired information, process, or system. However, 68% of breaches took months or longer to discover, which is of great concern today, let alone when the General Data Protection Regulation (GDPR) comes into effect on May 25, 2018.

The potential for reputational damage is a leading concern among all organizations at board level. Enterprises know that their customers need to trust them, and an incident or breach could erode that trust, with the consequential reputational damage and/or loss of business advantage. The vast majority of organizations are aware that a security incident is unavoidable and could happen at any point. The Verizon report points out that accepting this inevitability is essential. Using risk assessments, organizations should focus on understanding their potential targets, applying controls to protect the targets, and having a plan in place (with appropriate funding) to deal with any attack and its consequences.

Appendix

Further reading

Business-Driven Security for Enterprise Protection and Compliance, INT003-000115 (April 2018)

"Digital transformation must address security", INT003-000088 (March 2018)

"Questions that matter to enterprises: Developing a security strategy", INT003-000099 (March 2018)

Author

Maxine Holt, Research Director, Infrastructure Solutions

maxine.holt@ovum.com

Recommended Articles

  • Service Provider Markets, Consumer & Entertainment Services,...

    MWC 2018 Highlights

    By Ronan De Renesse 27 Feb 2018

    Over 20 of our senior Ovum analysts and consultants attended this year’s Mobile World Congress in Barcelona at the end of February. In between meetings, briefings and presentations, our analyst team were blogging and tweeting about key developments, trends and rumors. Have a look through our daily MWC 2018 Highlights to find out what happened.

    Topics 5G AI IoT Cloud Payments SDN/NFV Smart home

  • Consumer & Entertainment Services

    US pay TV: Is it facing an existential threat?

    By Adam Thomas 28 Mar 2018

    With US pay TV having endured the worst year in its history, thoughts have inevitably turned to the future. The likelihood remains that the immediate future will remain highly uncomfortable for everyone except the scaled multinational digital platforms.

  • Enterprise Decision Maker, Enterprise IT Strategy and Select...

    2017 Trends to Watch: Big Data

    By Tony Baer 21 Nov 2016

    The breakout use case for big data will be fast data. The Internet of Things (IoT) is increasing the urgency for enterprises to embrace real-time streaming analytics, as use cases from mobile devices and sensors become compelling to a wide range of industry sectors.

    Topics Big data and analytics IoT

;

Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700


Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8878

Email us at ClientServices@ovum.com

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Call us at +44 788 597 5160 or email us at pr@ovum.com

Contact marketing - 
marketingdepartment@ovum.com

Already an Ovum client? Login to the Knowledge Center now