The 2016 Verizon Data Breach Investigations Report (DBIR) was released recently and offers an unparalleled analysis of the previous year’s data breaches and advice for enterprises on how to avoid future breaches. This year’s DBIR concludes that IT security needs to focus on issues that have consistently, and historically, been used as attack vectors, including phishing, vulnerabilities and compromised credentials.
Christina Richmond, program director for worldwide security services at IDC, commented that there are “variations on themes that seem to rotate” in security, but there is one new aspect to the report.
She noted that industries across the board are seeing a large number of denial-of-service (DoS) incidents, but the actual data breaches are coming from other types of attacks.
For example, in the entertainment industry 99% of incidents were DoS attacks, but the vast majority of data breaches for that industry were from web application (50%) and point-of-sale (47%) attacks. Similarly, the manufacturing industry saw the majority of incidents from DoS (33%) and the nebulous “everything else” category (33%), but breaches were from cyberespionage (47%), privilege misuse (24%) and web app attacks (21%).
“It just sets people’s hair on fire, because if you’re having a DDoS attack and you see your traffic slow down or come to a grinding halt on your site, you turn all your attention to that. And, meanwhile, someone is walking up the backdoor through malware and taking out your intellectual property or your customer data and they’ve smoke-screened you,” Richmond said. “That’s the thing that is so maddening for security personnel, because you can’t always tell where the fire is.”
So if the smoke from DDoS is distracting security personnel from the task at hand, why not eliminate the smoke and focus on finding the fire?
Software Defined Perimeters (SDPs) are rapidly becoming recognized for their ability to protect critical infrastructure and are particularly effective in preventing DDoS attacks.
SDPs are already proven in large organizations like Coca-Cola for its online consumer service delivery, Mazda to secure its fleet-management networks, and Google for a new BYOD initiative.