Data Breach Briefing: The Run-Down on 5 Cybersecurity Studies

Information sharing is a critical aspect of cybersecurity.  While studies and surveys can’t match the data in a solid threat intel report, they are useful for understanding the benchmarks and experiences of peer organizations.

There is no shortage of such studies and as a service of sorts to the community, we sometimes summarize those that cross our radar.  In the last 10 weeks, we’ve reviewed 16 such studies and narrowed the list down to the top five most useful in order to present a briefing here.

Here’s the run-down on five cybersecurity studies:

1) Value of data helps drive record breaches

There are many factors driving the high volume of breaches, but one that’s less recognized is “the value of personal data on the black market,” according to Dark Reading, which covered a new report from Risk Based Security.

In the first three quarters of 2017 the number of reported breaches rose to 3,833, an 18% increase over the same period in 2016.  The number of exposed records rose even faster, to more than 7 billion, a 305% increase.

The article says five of the incidents reported in 2017 are “among the top 10 largest breaches of all time.” While the Equifax and Yahoo events were the most visible, there were 1,465 breaches reported in the third quarter of the year alone.

2) Risk of data breaches and privileged access

Privileged access and unpatched vulnerabilities are a deadly combination, according to a survey of 500 IT professionals conducted by BeyondTrust.  The study found that about 20% of respondents said such combinations “are common,” which is another good argument for segmenting the network so that a single compromised, over-privileged host cannot reach every data store.

Respondents said users “often insist they need full administrative privileges over their devices,” which 79% believe is the biggest cyber threat.  The concern is well founded: many attacks begin with misuse of privileged access, according to the study.

A classic example?  The sharing of passwords, especially with people who may not have the proverbial need-to-know.

“When asked to list the top threats associated with passwords, respondents listed employees sharing passwords with colleagues (79%), employees not changing default passwords their devices ship with (76%), and using weak passwords like “12345” (75%).”

The BeyondTrust survey corroborates findings from other studies.  For example, a Ponemon Institute study pointed to a combination of “negligent employees and poor password policies” as weak links.  That survey reports, “54% of respondents said negligent employees were the root cause of a data breach.”

3) The dark economics of ransomware

A little more than $10 is enough to purchase a DIY ransomware kit, according to a report by Carbon Black which was reviewed by Channel Futures.  In part, this has helped drive 2,500% year-over-year growth in the dark web ransomware market.

The article says, “security experts found that the dark web marketplace has grown” from about $250,000 in 2016 to more than $6 million in 2017.  Researchers discovered more than “6,300 sites on the dark web that sell ransomware, with roughly 45,000 products listed.”

A separate but related study on ransomware by Secureworks identified “200 new ransomware variants, up 122 percent on the year before,” according to SC Magazine.

The report breaks variants into three categories, each with a different economic footprint: “well-designed,” “poorly designed” and “rebranded ransomware that hackers generate from kits they acquire through underground vendors or open source offerings.”

4) Known vulnerabilities go unpatched

The development and deployment of software come with inherent security risks.  A “code-level analysis of nearly 250 billion lines of code” by Veracode found “88 percent of Java applications contain at least one vulnerable component, making them susceptible to widespread attacks.”

Moreover, many of the vulnerabilities (42%) remain unpatched, according to an eWeek presentation of the report.  Of those that are patched, 28% take “90 days or more to remediate.”

“Vulnerabilities continue to crop up in previously untested software at alarming rates,” according to Veracode.  It says 77% of applications “have at least one vulnerability on initial scan.”
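The two findings above, a component with a known-vulnerable version in the build and a fix that sits unapplied past a remediation deadline, are what a software composition analysis scan actually checks. As an added example (not from the Veracode report or from the original post), the Python below matches a declared component inventory against an advisory feed using version ranges and reports how long each finding has been open against a 90-day target. The component names, advisory IDs, version ranges and dates are all constructed for illustration and are not real software or real advisories.

```python
"""Match a component inventory against known-vulnerable version ranges
and measure remediation lag against a 90-day target (added example)."""
from datetime import date

# Constructed inventory: Maven-style coordinates as a build tool would report them.
INVENTORY = {
    "org.example:web-core": "2.3.1",
    "org.example:xml-parser": "1.9.0",
    "org.example:logging": "4.0.2-SNAPSHOT",
}

# Constructed advisory feed. IDs, ranges and dates are hypothetical, not real CVEs.
# "fixed" is the first version that is no longer affected; None means no fix yet.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "component": "org.example:web-core",
     "introduced": "2.0.0", "fixed": "2.3.2", "published": date(2017, 3, 1)},
    {"id": "ADV-EXAMPLE-2", "component": "org.example:xml-parser",
     "introduced": "1.0.0", "fixed": "1.9.0", "published": date(2017, 5, 10)},
    {"id": "ADV-EXAMPLE-3", "component": "org.example:logging",
     "introduced": "4.0.0", "fixed": None, "published": date(2017, 8, 15)},
]

REMEDIATION_SLA_DAYS = 90  # the "90 days or more" threshold quoted in the report


def parse_version(version):
    """Turn '1.2.3' or '1.2.3-SNAPSHOT' into a comparable tuple (1, 2, 3).

    Qualifiers after '-' are dropped, so a snapshot of 4.0.2 is treated as 4.0.2.
    Tuples of unequal length compare correctly in Python: (2, 3) < (2, 3, 1).
    """
    numeric = version.split("-", 1)[0]
    return tuple(int(part) for part in numeric.split("."))


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed (half-open range)."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    if fixed is None:            # no fixed release published yet: still affected
        return True
    return v < parse_version(fixed)


def find_vulnerable(inventory, advisories, today):
    """Return one finding per advisory whose range covers the deployed version."""
    findings = []
    for adv in advisories:
        deployed = inventory.get(adv["component"])
        if deployed is None:
            continue                # component not in this build
        if not is_affected(deployed, adv["introduced"], adv["fixed"]):
            continue
        days_open = (today - adv["published"]).days
        findings.append({
            "id": adv["id"],
            "component": adv["component"],
            "version": deployed,
            "fixed": adv["fixed"],
            "days_open": days_open,
            "overdue": days_open >= REMEDIATION_SLA_DAYS,
        })
    return findings


if __name__ == "__main__":
    # Constructed "today" so the output is stable when run offline.
    for f in find_vulnerable(INVENTORY, ADVISORIES, date(2017, 9, 30)):
        fix = f["fixed"] or "no fix available"
        flag = "OVERDUE" if f["overdue"] else "within SLA"
        print(f'{f["id"]}: {f["component"]} {f["version"]} '
              f'(fix: {fix}) open {f["days_open"]} days, {flag}')
```

The half-open range check is the part worth getting right: the version that carries the fix must not be reported, and a component with no fixed release at all is still a finding (one that needs a mitigation rather than an upgrade). Tracking days since publication per finding is what turns the report's "90 days or more" statistic into an alert a team can act on.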

The Equifax incident is a good illustration of this concept. Improving relations between security and DevOps, in addition to aggressive monitoring, as our own Druce MacFarlane wrote in CSO, would go a long way toward reducing the risk.

Still, there’s more to consider.  As astonishing as these findings are, they only cover known risks. There are also anomalies that could be threats, and unknown threats that are still hiding. This is why organizations need multiple detection methods.

5) AI detecting threats before security teams

Artificial intelligence (AI) “is moving the needle” for cybersecurity, according to a new survey and report published by Cylance titled Artificial Intelligence in the Enterprise: The AI Race is On.

The company surveyed 652 IT decision makers in the US, UK, Germany and France.  It found 64% of IT decision makers anticipate a return on investment from security products based on artificial intelligence (AI).

Some of the data suggests those investments are already providing benefits including:

  • 77% have prevented more breaches following their use of AI-powered tools
  • 81% say AI was detecting threats before their security teams could
  • 74% say they won’t be able to cope with the cybersecurity skills gap without AI

For those readers who may be unaware, Cylance is part of the Bricata backstory.  We’ve embedded their malware conviction engine into our sensors, where it works alongside our signature engine and network anomaly detection engine.

* * *

Do you have a take on the data above?  We’d love to hear it.  Got a study or survey we should review?  We’re on Twitter. Tweet us up!
