Plaintext: What DBIR Tells Us About Security Patterns
Welcome to Dark Reading in Plaintext, brought to your inbox this week by Deloitte. In this issue of Plaintext, we dig deep into the Data Breach Investigations Report. The 100-page report, as always, is full of charts, patterns, and trends. What jumped out at you? How do you use the report? If you enjoy Plaintext, please share with friends and colleagues!
Key DBIR Takeaways. Verizon Business releases its highly anticipated Data Breach Investigations Report around this time of year (although this year's felt really early) so that we can pore over the 100 pages of charts and insights. The team behind this year's DBIR analyzed 30,548 security incidents, of which 10,626 were confirmed data breaches. The data spanned 94 countries and included incidents the Verizon Business team investigated as well as data contributed by dozens of global partners, including law enforcement agencies, security vendors, platform providers, and incident response firms.
One significant number from the report: DBIR investigators identified 1,567 individual breaches connected to exploitation of the flaw in the MOVEit File Transfer utility (based on breach descriptions and the timing of the breaches). "This was the sort of result we were expecting in the 2023 DBIR when we analyzed the impact of the Log4j vulnerabilities," the report said. The MOVEit vulnerability produced a worst-case scenario despite being less well known, because the product was so widely deployed.
Fastly's Kelly Shortridge outlined three theories as to why MOVEit dwarfed Log4Shell in terms of impact. One theory was that MOVEit was the responsibility of the IT department, while Log4Shell was the province of software engineering. "It makes sense that software designed for end users will be easier to update than software designed as a library to use in other systems," Shortridge noted.
"With MOVEit, you can download all the data and documents within and hope that some will contain sensitive stuff that the victim does not want exposed. Thus, 0day in MOVEit checks the boxes on both scalability and ease of use in a way Log4Shell did not." — Kelly Shortridge, Fastly
Dark Reading in Plaintext is brought to you by Deloitte
Deloitte launches CyberSphere platform
Cybersecurity just got simpler. CyberSphere, a vendor-neutral integrated platform, brings Deloitte specialists and technology together to help operate your cyber solutions from a single platform. Check it out.
Making DBIR Actionable. DBIR notes that human error remains a major problem in security: it played a role in 68% of breaches. Part of the reason is that users are still falling for phishing attacks. The median time for users to click on a phishing simulation link was just 21 seconds, and the median time to submit sensitive data to the simulated phishing site was just 28 seconds. More than 40% of social engineering attacks involved pretexting, a tactic generally associated with business email compromise.
DBIR maps incident classification patterns to the Center for Internet Security's Critical Security Controls. VulnCheck's Patrick Garrity posted a one-pager outlining which CIS Critical Security Controls to prioritize in order to address the issues most frequently involved in breaches. Garrity also mapped all the techniques to incident classifications, and then back to tactics in MITRE's ATT&CK framework. It's striking how frequently social engineering appears across the phases: Reconnaissance, Resource Development, Initial Access, Persistence, Privilege Escalation, Defense Evasion, Lateral Movement, and Discovery.
There was a silver lining in the phishing cloud: 20% of users reported the simulated phishing email without clicking on the link. Even among those who clicked on the simulated phishing link, 11% still reported the email. Phishing awareness training seems to be sticking somewhat, and changing some behaviors.
What We Are Reading
What We Heard On-Air
Tune in to our on-demand webinar "DevSecOps: The Smart Way to Shift Left" to learn how organizations can shift left for better security.
"The smart way to shift left is to make it a team sport, where cross-organization buy-in is a must." — Tom Parker, CEO, Hubble Technology
From Our Library
Check out some of the latest reports from our Dark Reading Library.
On That Note
Psst, have you heard about Dark Reading Confidential? Dark Reading is launching a brand-new podcast this month. Dark Reading Confidential will bring you firsthand stories from cybersecurity practitioners in the trenches. We will be on all the major platforms: Spotify, Apple Podcasts (any day now), Amazon Music, Pocket Cast (coming soon!), and Deezer. Follow and subscribe so that you don’t miss Episode 1!
Cybersecurity/Vulnerability Researcher (6 months ago): Thanks for highlighting my work.