Over 90% of data breaches fell into one of nine incident patterns, according to a study by Verizon
Data breaches may be a significant risk for businesses today and may look unpredictable, but there are recurring combinations of actors, actions, assets and attributes that define each incident. Over 90% of data breaches fell into one of nine incident patterns, according to a study by Verizon.
Knowing which incident patterns affect your industry more often than others provides a solid building block for allocating cybersecurity resources.
These nine incident patterns, as defined by Verizon’s Data Breach Investigations Report (DBIR), are as follows:
1. Insider and privilege misuse – trusted actors leveraging logical and/or physical access in an inappropriate or malicious manner.
2. Cyber-espionage – targeted attacks from external actors hunting for sensitive internal data and trade secrets.
3. Web application attacks – web-application-related stolen credentials or vulnerability exploits.
4. Crimeware – malware incidents, typically opportunistic and financially motivated in nature (e.g., banking Trojans, ransomware).
5. Point-of-sale (POS) intrusions – attacks on POS environments leading to payment card data disclosure.
6. Denial of service (DoS) attacks – non-breach-related attacks affecting business operations.
7. Payment card skimmers – physical tampering of ATMs and fuel-pump terminals.
8. Physical theft and loss – physical loss or theft of data or IT-related assets.
9. Miscellaneous errors – an error directly causing data loss.
But is merely knowing the type of incident pattern enough?
Well…not really. You need an incident response team to help you out and make you aware of any data breaches occurring.
Incident Response (IR) Stakeholders
As per Verizon’s Data Breach Investigations Report (DBIR), incident response (IR) stakeholders come in all shapes and sizes, and differ in number too, from one to dozens to many more. One way to look at IR stakeholders is to consider them as “technical” and “non-technical” stakeholders (remember, data breaches aren’t just an IT security problem). However, perhaps the best (and most useful) way is to characterize IR stakeholders by their roles and responsibilities, and in some cases, their authorities.
The report further classifies the IR stakeholders into top-level leadership (the “strategic” decision-makers), middle-level managers (the “tactical” decision-makers), and a veritable cornucopia of technical and non-technical subject matter experts on cybersecurity incident and data breach response.
Based on their relationship to the victim organization, IR stakeholders fall into two groups: “internal” stakeholders – those who are part of the victim organization, and “external” stakeholders – those who are outside the victim organization.
However, although IR stakeholders are present, it is always better to be aware of the incident patterns and neutralize them early. After all, prevention is better than cure!