Top lessons from data breach investigations
Data breaches are an all too common part of our landscape today, but are we learning the lessons from them to make our systems more secure?
The 2015 Verizon Data Breach Investigations Report found that there were nearly 80,000 security incidents -- including more than 2,100 confirmed breaches spanning 61 countries in the past year. Security solutions company Rapid7 has produced an infographic of expert takeaways from the report.
It reveals that credentials are still the number one attack method and that it still takes too long to detect a breach, with an average of 205 days. Vulnerabilities are also not being patched soon enough, with over 99 percent exploited more than a year after publication.
Phishing is an effective means of attack too: 23 percent of users admit to opening phishing emails and 11 percent click on attachments. Almost 50 percent open emails and click on phishing links within the first hour.
Trey Ford, Global Security Strategist at Rapid7, says, "The maturation of cybersecurity has halted – and right now, that’s largely the result of a self-fulfilling prophecy. When breaches occur, there’s a general lack of root-cause analysis being performed. But even when we do have root-cause findings, the common points of failure are generally not shared, essentially sealing the fate of other organizations to repeat the same mistakes. This year's DBIR shines a very bright light on the lack of information sharing across the industry. In the coming year, I hope to see a focus on the effectiveness on controls – what failed, what was missing, what was defeated".
There's more information in the full infographic, which you can see below.