Verizon Security Report Says Attacks Vary by Industry

Major attack patterns include POS intrusions, Web application attacks, payment-card skimmers, denial of service and cyber-espionage, the study found.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Although Verizon's annual Data Breach Investigations Report (DBIR), which came out today, includes lots of specific data points, one of the key observations is that attacks vary based on specific industry sectors.

Overall, the 2014 DBIR received data from 63,437 security incidents of which 1,367 were confirmed data breaches.

Verizon senior analyst and DBIR co-author Jay Jacobs explained to eWEEK that overall there are nine basic attack patterns that vary across industries. Those nine attack patterns include point-of-sale (POS) intrusions, Web application attacks, insider misuse, theft and loss, miscellaneous errors, crimeware, payment-card skimmers, denial-of-service attacks and cyber-espionage.

For example, in the accommodation industry, 75 percent of all attacks came from POS intrusion. In contrast, when it comes to the health care industry, theft and loss was the top attack pattern, representing 46 percent of all data breaches. In the financial services industry, Web application attacks represented 27 percent of all data breaches, and only 3 percent of breaches were the result of theft or loss.

For each industry and its associated leading attack patterns, the DBIR offers specific insight to provide actionable information for specific industry verticals, Jacobs said.

"The downside of our approach is that there is no big headline coming out of the DBIR this year," Jacobs said. "We're looking at such a detailed level that what applies in one industry, may not apply in another."

Jacobs stressed that the current security landscape is very complex and the reality is that there is no 'one-size-fits-all' solution that everyone in every industry should be looking at.

Point of Sale

One of the biggest security breaches in recent memory was the December breach of U.S. retailer Target, though in terms of the overall trend, Jacobs sees Target as an outlier.

"There were a lot of headlines at the end of 2013 around retail POS breaches, but what we actually saw as an overall trend is that the frequency of POS attacks is actually decreasing," Jacobs said.

The 2014 DBIR found 198 total incidents during 2013 of POS-related data breaches with the top affected industries being food services and retail. Jacobs said that there was an uptick in POS attacks in 2010 and 2011, with attackers going after small businesses.

"After 2011, going into 2012 and in 2013, we're seeing a sharp decline in POS attacks, which is being offset by Web application attacks," Jacobs said.

The DBIR doesn't look at attack scale but rather at the total number of incidents for attack pattern traffic. As such, Jacobs said that Target would just be one out of the 198 POS incidents that it tracked during 2013.

"Target is an aberration, and it is an outlier; it's not the normal style of attack," Jacobs said.

For the retail industry as a whole, POS intrusion attacks represented 31 percent of attacks and denial of service represented 33 percent of attacks.

Web Application Attacks

One of the top attack patterns occurring across multiple industries is the Web application attack vector. For the 2014 DBIR, Verizon analyzed 3,937 total Web application attack incidents of which 490 were confirmed to have data disclosure.

The primary motivator listed by Verizon for 65 percent of Web application attacks was listed as, ideological reasons or just for fun. The idea of ideologically motivated attacks is not a new one. The Verizon 2012 DBIR found that, in 2011, 58 percent of all data stolen was from hactivism-based activities.


Cyber-espionage activities are also a concern, with 511 total incidents reported in 2013, of which 306 had a confirmed data disclosure. Jacobs said that it's not easily possible to state whether or not cyber-espionage is in fact on the rise, given that the 2014 DBIR had more data inputs from more contributing organizations that are now focused on the issue of cyber-espionage.

"It's not clear if cyber-espionage is happening more often, or if it's just that more people are looking for cyber-espionage," Jacobs said.


While there are specific recommendations that the DBIR offers for different industry verticals, one overall trend is the continued need for human efforts as opposed to just implementing more technology.

"A lot of our recommendations are not product-based; it's mostly 'elbow-grease,' Jacobs said. "A lot of organizations that we see want to do the right thing; they just sometimes have a lack of information on what to focus on."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.