Dialing in the Data

Paul Thompson
Author: Paul Thompson, Optic Cyber Solutions
Date Published: 2 December 2022

As the world progresses, the tactics, techniques and procedures used to launch a cyberattack against an organization continue to evolve. Entirely new attack vectors seemingly appear out of nowhere; other times an old familiar, but upgraded, foe rears its ugly head to have another go at the crown jewels. With advances in technology, it has become easier for practically anyone to research and purchase tools that essentially provide cyberattacks as a service. Keeping up with what is old, what is new, and what is old but new again can be quite a headache, and frankly, is confusing.

Luckily for us, there is a team of experts rounding up all of the latest and greatest tales of cybersecurity incidents and breaches. This annual accumulation of the latest cyberattack trend data is summarized in Verizon’s Data Breach Incident Report (DBIR). Each year, the report compiles information from cybersecurity incidents and breaches from various sources internationally to help identify common incident classification patterns that threat actors use to achieve their nefarious goals of wreaking havoc on systems and emptying bank accounts.

The incident classification patterns are groups of related incidents and breaches that encapsulate the majority of the cases highlighted by the data collected from around the world. The current incident classification patterns explain 95.8 percent of breaches and 99.7 percent of incidents studied by Verizon. Over time, the number of incident classification patterns has adapted to changes in attack types and the threat landscape. Where originally in 2014 there were nine incident classification patterns, today there are eight: denial of service (DoS), privilege misuse, system intrusion, basic web application attacks, social engineering, lost and stolen assets, miscellaneous errors, and everything else.

Within each incident classification pattern, data can be found on actor types, the actions they take, the assets they target, attributes compromised and the timeline for discovering an attack. The DBIR highlights those patterns of attack that are prevalent each year and paints a picture of how the attack landscape is constantly changing and evolving. Key takeaways from this year’s DBIR include, not shockingly, that a human element was involved in 82 percent of total breaches. Misconfigurations jumped up to 14 percent of breaches, with cloud storage errors as the number one slip-up. Ransomware dominates system intrusion breaches at 25 percent, and a major hack of an American software developer boosted the third-party partner and software update attack vectors in system intrusion incidents. The data pointed to credentials and personal data atop the list of targets for the year. Finally, roughly four in five breaches can be attributed to organized crime, with external actors significantly more likely to be the attack source than internal players. When all of this historical data is brought to light and taken into consideration, organizations are able to plan for how to defend against future attacks to protect systems and keep that hard-earned money in their accounts.

When contemplating the best cyber defense strategy for your organization, consider the CMMI Cybermaturity Platform (CMMI-CP) from ISACA, which helps organizations build cyber resilience with the leading risk-based solution to measure, assess and report on cybermaturity. The platform is based on globally accepted industry standards and uses sources, such as the Verizon DBIR, to constantly adapt and evolve to ensure the best practices for developing a mature cybersecurity platform are top of mind. Cybersecurity experts review not only the information in the Verizon DBIR but also from various other forums and sources to gain a better understanding of current threats, attack vectors and new security technologies and methodologies. These and many other considerations are routinely evaluated, and the CMMI-CP is updated biannually to confirm the best practice recommendations are provided for organizations to mature their cybersecurity programs.

While the world continues to change around us, the CMMI-CP adapts with current trends to allow organizations to stay ahead of cybersecurity vulnerabilities and threats as they become known. The importance of flexibility in managing a cybersecurity program is paramount to success against modern threat actors. Teams and tools need to be able to adjust strategies and learn new techniques quickly to win the fight.

For more information about the CMMI-CP, visit http://shfwb.bagmakerblog.com/enterprise/cmmi-cybermaturity-platform.