The newly released Verizon Data Breach Investigation Report noted that while all-out cyber attacks are least likely to be a threat this year, organisations should still brace themselves for any possible data breach as cyber attackers will persist.
“First and foremost, we don’t believe there will be an all-out cyber war, although it’s possible,” said Wade Baker, principal author of the data breach report. “Rather, an enterprise’s 2013 data breach is much more likely to result from low-and-slow attacks.”
The Verizon report noted that 90% of threats this year will be in the form of authentication attacks and failures. But organisations should also prepare for any continued espionage, Web app exploits and social engineering that cyber attackers can launch at any time.
“Nine out of 10 intrusions involved compromised identifies or authentication systems, so enterprises need to make sure they have a sound process for creating, managing and monitoring user accounts and credentials for all of their systems, devices and networks,” Baker said.
The Verizon report also noted that larger organisations and governments are the more likely targets for Web application exploits. Verizon’s RISK (Research Intelligence Solutions Knowledge) Team data revealed that the likelihood of these attacks is three out of four.
“Given these odds, organisations that choose to take their chances and ignore secure application development and assessment practices in 2013 are asking for trouble,” said Baker.
Verizon said social engineering, which targets people rather than machines, are still a threat with such tactics as phishing increasing “by a factor of three for larger enterprises and governments.” Baker said that vigilance and education among employees can help combat this threat.
Baker said that organisations should watch out for targeted politically or socially motivated attacks such as espionage and hacktivism.
Verizon also advised organisations to make sure that their service providers are taking the necessary steps to avoid any data breach or attacks.
There are also threats involving mobile devices, particularly for lost, stolen and most likely unencrypted mobile devices. Most of the attacks threatening mobile devices would be those in the area of mobile payments for both the businesses and consumers.
“There’s a good chance we’ll see this shift in 2013, but our researchers think mobile devices as a breach vector in larger enterprises will lag beyond 2013,” Baker said.
The Verizon report was based on eight years of data contained in the company’s 2012 data breach report, which was released early this year, and collected by the company’s RISK Team.