25 May Verizon Data Breach Report Confirms No one is Immune from Cybercrime
Verizon recently released their annual Data Breach Investigation Report [i]. According to the study, 81% of hacking related breaches leveraged either stolen or weak passwords. This recurring theme once again highlights the need for organizations to monitor user accounts for abnormal use.
For several years now, it’s been well understood that the vast majority of serious computer security incidents involve the use of stolen passwords. Cybercriminals need login credentials to pull off most of their dirty work. So, the statistics revealed in the latest Verizon report aren’t necessarily surprising, but it is sobering to see the same vulnerabilities occurring year after year. And the report, once again, highlights how critical it is for organizations to monitor user accounts. Abnormal behavior of user accountactivity is a strong indicator that login credentials such as passwords have been stolen or compromised. The most effective way to identify unusual or abnormal behavior is to deploy automated, artificial intelligence via user and behavior analytics (UEBA).
It’s clear that cybercriminals have become extremely effective at stealing user credentials from one or more organizations, and then leveraging those stolen credentials to access multiple accounts across different entities. According to the Verizon report, “there are armies of botnets with millions (or billions) of credentials attempting to reuse them against other sites. In other words, even though components of authentication weren’t compromised from you, it doesn’t mean they were not compromised.”
We are now seeing a substantial number of data breaches where organizations are breached by hackers using credentials obtained in other breaches. This is underscored in the report “Again, if you are relying on username/email address and password, you are rolling the dice as far as password re-usage from other breaches or malware on your customers’ devices are concerned.”
One positive takeaway from these grim statistics is that organizations can use this information to help set priorities. It’s very clear that security teams should give strong consideration to first plugging vulnerabilities that compromise user credentials. Furthermore, deploying defenses such as user behavior analytics that specifically focus on detecting stolen credentials will help protect organizations from most of the top vulnerabilities. These two initiatives alone, if properly implemented, would go a long way to halting the “81%” of breaches highlighted in the report.
[i] Verizon 2017 Data Breach Investigations Report, 10th Edition.