Highlights from the May 26 HBK Risk Advisory Services webinar
Presenter: William J. Heaven, CPA/CITP, CISA, CSCP, Senior Manager, HBK Risk Advisory Services
The annual Verizon Data Breach Investigations Report (DBIR) provides information on the previous year’s cybersecurity attacks. Organizations can use the Report to determine the most probable threats they face and develop a plan to mitigate their risks. The webinar was designed to identify key takeaways from the Report and provide risk mitigation recommendations. Webinar highlights include:
• The 2021 DBIR covering breach activity in 2020 was released May 13. It is the 14th consecutive annual report. It covers 20 industries, uses information from 83 contributing organizations, and examined almost 80,000 incidents and more than 5,000 confirmed data breaches.
• The DBIR defines an incident as “a security event that compromises the integrity, confidentiality or availability of an information asset.” It defines a breach as “an incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party.”
• Among the industries covered, the webinar highlighted finance and insurance, healthcare, manufacturing, and retail. The most common breach patterns across all industries were social engineering, system intrusion, and basic web application attacks.
• The DBIR is valuable because the more you know about the cyber threats you face, the better your chances of keeping your data secure and your name out of the headlines. It helps you identify potential threats by identifying the patterns most likely to happen in your industry: what kind of attacks, whether they are internal or external, and the motives behind the attacks. Knowing the more probable events for your business, you can allocate your cybersecurity budget dollars more effectively.
• Do a Google search to get a copy of the Report—the executive summary (about 19 pages) or the full version (about 120 pages).
• Key takeaways from this year’s report:
- Who was behind the breaches? Most were carried out by external, financially motivated actors, a consistent trend over the last four to five years. Ransomware is among the most frequently occurring attack types and will likely remain so for years to come.
- What is the main reason for attacks? Financially motivated breaches are the most common. In the industries highlighted for the webinar, it is the motivation behind more than 90 percent of breaches: 96 percent for financial and insurance; 91 percent for healthcare; 96 percent for manufacturing; 99 percent for retail.
• The bad news:
- Ransomware attacks doubled in 2020 from 2019 and remain on the rise.
- Previously, maintaining good data backups was the primary advice for dealing with ransomware attackers. Now, in addition to encrypting your data, attackers steal a copy of it first and threaten to post it online, so backups alone no longer neutralize the threat.
- 85 percent of breaches involve a human element.
- 36 percent involve phishing.
- 61 percent involve stealing credentials.
- 80 percent involve web application hacks.
• The good news:
- Errors (such as configuration errors) were less of a problem percentage-wise in 2020, though they were greater in number.
- Compromises of desktops and laptops declined (people and organizations are moving more to cloud-based computing).
- 14 percent of breaches had zero-dollar impact (although the Ponemon Institute study sponsored by IBM put the average cost of a data breach for U.S. organizations at $8.6 million).
• The gap is closing between large and small-to-medium-size “SMB” businesses:
- According to the Report, the gap closed substantially this year, and the attack patterns were the same for companies large and small. Attackers go wherever they can find a weakness.
- About half of large businesses discover breaches within a few days, compared with about 40 percent of small businesses. Dwell time is the number of days an attacker is inside your systems before you discover the intrusion.
• Two of the five steps for conducting a risk assessment are identifying and analyzing risks. (The five steps of a risk assessment were discussed in the April HBK Risk Advisory Services webinar; email firstname.lastname@example.org for a copy of those slides.) The DBIR provides valuable input to help you create your risk assessment.
• Recommendations for mitigating risk from the 2021 DBIR:
- Consult the Center for Internet Security (CIS) for free information on the most important controls and how to implement protection.
- Key CIS Controls for all industries: CIS Control 4 (Secure Configuration of Enterprise Assets and Software, which reduces errors such as misconfigurations), CIS Control 6 (Access Control Management, including multi-factor authentication, which limits the damage stolen credentials can do), and CIS Control 14 (Security Awareness and Skills Training, called out as the most important control because it protects against phishing and social engineering).
• With a limited cybersecurity budget, start by addressing social engineering threats via security awareness training, then address vulnerability scanning. HBK offers packages that include security awareness training and vulnerability scanning.
• The next HBK RAS cybersecurity webinar will be noon to 1:00, June 23.