BeyondTrust Contributes Threat Analytics to the 2016 Verizon Data Breach Investigations Report
April 2016 by BeyondTrust
BeyondTrust announced that the 2016 Verizon Data Breach Investigations Report (DBIR) leverages data on publicly facing vulnerabilities provided by the company. BeyondTrust supplied Verizon researchers with anonymous vulnerability assessment results that represented the most recent live data from public address spaces worldwide. The data was completely sanitized into statistical forms in order to draw the conclusions in the latest report.
Some of the biggest storylines from this year’s report reveal that legitimate user credentials were used in most 2015 data breaches. In fact, 63 percent of attackers took advantage of weak, default or stolen passwords. But not all users were innocent, well-meaning insiders. There was a higher rate of collusion between internal and external parties in 2015.
These findings mirror BeyondTrust’s recent study of privileged access management, which showed that over 25 percent of companies have no controls over privileged access.
The Verizon report also finds an increase in the gap between compromise and detection. In nearly 82 percent of cases, compromises happened in minutes, but 68 percent of the time, exfiltration happened in days. Half of all system vulnerability exploitations occurred between 10 and 100 days after a vulnerability was published, with a median of 30 days. This is important when considering that the majority of attacks used credentials.
The key takeaway: the typical user has too many privileges. Reducing elevated access closes a massive attack vector. By enforcing least privilege on all end-user machines and servers, security administrators can gain control over root and administrative access in their IT environments.
There are five additional steps all organizations can take immediately to strengthen their security postures:
1. Lock down all enterprise credentials in a password safe.
2. Implement least privilege not only for admins, but also for partners, contractors and end users.
3. Implement multi-factor authentication to make it more difficult for attackers to move laterally.
4. Share threat and behavioral analytics to reveal what might be hidden in volumes of data.
5. Improve the discipline of vulnerability assessments and patching.
“Attackers taking advantage of weak, default and stolen credentials is not a new addition to the threat landscape, yet many organizations continue to lack the necessary password management controls to mitigate this attack vector,” said Brad Hibbert, Chief Technology Officer, BeyondTrust. “We’re proud to supply Verizon with the data for this year’s DBIR. We will continue working to raise awareness among businesses and government agencies of all sizes on the steps they must take, including better educating users, to prevent becoming another data breach statistic.”