What the 2015 DBIR can tell us about insider threat in 2016

We talk a lot about the rapidly evolving threats in today’s digital landscape. For the last 11 years, Verizon has quantified these changes in its annual Data Breach Investigations Report (DBIR). With the release of the 2016 DBIR just a few weeks away, let’s take a look back at the key trends and top threats from the 2015 DBIR, which analyzes data breach statistics from 2014.

Five malware attacks every second 

Verizon reported 170 million successful malware attacks across all organizations in 2014. That’s five events every second. And this number only accounts for the attacks that got past the firewalls, intrusion detection/prevention systems, spam filters and other antivirus (AV) products—not the raw stream of malware, which is likely several orders of magnitude larger.

What to look for in 2016: The overall volume of malware attacks is almost sure to increase in the 2016 DBIR. More data and more devices mean more vulnerabilities and bigger opportunities. Cybercrime is big business.

Attacks on “easy win” industries increase

The 2015 DBIR took a closer look at five different industries. Its numbers showed that financial and retail organizations are still common malware targets. But cyber criminals are increasingly finding unsuspecting targets in new verticals.

  • Education: 2,332 events/week
  • Retail: 801 events/week
  • Utilities: 772 events/week
  • Insurance: 575 events/week
  • Financial: 350 events/week

What to look for in 2016: Hackers will always go for the “big win” attacks on financial and retail institutions. But malware attacks on “easy win” industries that operate without strong data security will continue to grow.

More than 70% of malware is unique to an organization

The 2015 DBIR found that 70 to 90 percent of malware samples were unique to an organization (from a signature/hash perspective). This makes it extremely difficult for modern AV products to detect and detain malware.

What to look for in 2016: The proportion of unique malware will likely grow even higher—but cyber criminals aren’t really targeting specific organizations. They’re using sophisticated techniques to outsmart the signature- and hash-matching techniques used by modern AV products. This tactic creates millions of “unique” samples of the same malicious program.

Biggest insider threats: enterprise end users and privilege abuse

In 2014, enterprise end users finally took the “biggest insider threat” crown from retail cashiers (who had held the title since 2011). That’s disconcerting, considering the huge number of end users in most organizations. More than half of insider threats stemmed from privilege abuse, with financial gain and convenience topping the list of motivators.

What to look for in 2016: The hyperconnected enterprise gives end users unprecedented data access—and makes them an unprecedented liability. End users will continue to be the leading source of insider threat, and will pull even further away from other sources.

The story your data tells

The DBIR uses data from more than 100,000 security incidents to tell a year-by-year story of the evolution of cyber threats, but what’s true at a high level—or even in your industry—isn’t always true for your organization. Do you have a system in place for detecting anomalies, identifying attacks and tracking incident response? Do you have the data transparency to follow the data trail back to the source of a breach? While we wait for the 2016 DBIR story, take this opportunity to evaluate whether your data security tools enable you to see the story your own end-user data is telling.

Download the executive brief, Protecting Data in the Age of Employee Churn, to learn more about how endpoint backup can mitigate the risks associated with insider threat.
