Verizon Data Breach Study Finds Little Change in Attack Patterns
Major risks remain, but there's been little change in the threat landscape since 2014, Verizon reports. Also, mobile platforms aren't the preferred attack vector.Verizon's 2015 Data Breach Investigations Report (DBIR), released today, finds that little has changed in the threat landscape since the 2014 report came out. Overall, the 2015 DBIR received data from 79,790 security events, of which 2,122 were confirmed data breaches. In contrast, the 2014 report was based on data upon 63,437 security incidents, of which 1,367 were confirmed data breaches. As was the case in the 2014 report, Verizon has identified nine basic attack patterns into which nearly all attacks can be categorized: point-of-sale (POS) intrusions, Web application attacks, insider misuse, theft and loss, miscellaneous errors, crimeware, payment-card skimmers, denial-of-service attacks and cyber-espionage. "What's really interesting is that not much has changed," Jay Jacobs, Verizon senior analyst and DBIR co-author, told eWEEK. "As we look at the patterns and how they break out across industries, there is no big mover and no big surprise."
For many of the sections in the 2015 DBIR, the report co-authors struggled what to write about, other than to simply point people to the 2014 report, Jacobs said. In the 2015 DBIR, Verizon provides additional details on what separates a vulnerability that is exploited from one that is not, he added.