Verizon’s 2016 Data Breach Investigations Report

Understand what you’re up against.

Cybersecurity’s most comprehensive investigations report is back.

  • More insightful than ever.

    For the ninth time, the 2016 Data Breach Investigations Report (DBIR) lifts the lid on what’s really happening in cybersecurity. The 2016 dataset is bigger than ever, examining over 100,000 incidents, including 2,260 confirmed data breaches across 82 countries. With data provided by 67 contributors including security service providers, law enforcement and government agencies, this year’s report offers unparalleled insight into the cybersecurity threats you face.

    Understand the risks—watch the 2016 DBIR video

  • No one is immune.

    Take a look through the list of published data breaches and one thing will immediately strike you: no location, industry or organization is immune from attack. Even with the strongest defenses, you can’t bank on not being breached. But you can deter the criminals. The 2016 Data Breach Investigations Report helps you understand how cybersecurity breaches occur, what the most likely attack types are for your industry and what techniques you can adopt to reduce the risk.

    And it’s not just for IT. A breach impacts the whole organization, so all senior executives need to understand the threats and be aware of the risks. Our executive summary gives you all the information you need in an easy-to-digest format.

    Read the executive summary

  • Listen to what’s happening in your industry.

    Our series of podcasts discusses the cybersecurity threats in your industry and what you can do to reduce the risk to your organization.

  • Healthcare

    How can healthcare providers protect patient data? Bryan Sartin and Brian Campbell reveal what'€™s happening.

    Bryan Sartin & Brian Campbell talk Healthcare Security

    A 7-minute Healthcare Cybersecurity Update

    Joe Maglitta: You're listening to the Verizon Insights podcast. The thoughts and opinions expressed in this podcast are those of the individual speakers and do not necessarily reflect the views of Verizon or any other entity mentioned in the podcast.

    Joe Maglitta: Hello everyone, I'm Joe Maglitta, principal at Maglitta Communications, former vice president of the Market Experts Group at Ziff Davis Enterprise, and a contributing editor for CIO Magazine. Joining us today is Bryan Sartin, Executive Director of Verizon Global Security Services. In the next few minutes we'll highlight findings from the Verizon 2016 Data Breach Investigations Report and offer some ways to better protect your organization. The 2016 report covers over 100,000 incidents, and 2,260 confirmed breaches from 82 countries. Bryan, welcome.

    Bryan Sartin: Good morning, Joe, thank you.

    Joe Maglitta: So let's get down to it. What are some of the headlines from this year's report, Bryan?

    Bryan Sartin: It's our ninth report and every year we try to take a little bit of a different slice at the threat landscape. There's no question about the role of spear phishing and how that is playing a big part especially on the initial intrusions of most types of cyber attacks these days. The use of malware in conjunction with phishing is starting to really illustrate to us that humans are now the slowest in the herd, if you will, from a vulnerability perspective. In other words, people are the easiest targets in a cyber attack. So, we talk a lot about that and really lay out the science on what that means today, and, of course, what to do about it. But for real statisticians and data gurus, we have the use of the attack this year. In this case you can start to look at the total dataset, hundreds of thousands of incidents, more than 2,000 confirmed data breaches. And we found a scientific way to boil those down to a series of playbooks, if you will, meaning the sequential sets of moves from pre attack research to initial point of intrusion to identifying targets of interest within the victim's enterprise to finding ways to exfiltrate that data, subsequent points of entry, and so forth. And we have a brilliant visual method of illustrating those in true color. And it's fantastic. I hope our readers have as much fun reading as we did putting it together.

    Joe Maglitta: So now that we've got a general overview of this year's findings, let's bring in Brian Campbell, Verizon's Managing Director of Professional Services for healthcare. Brian is going to help us take a closer look at the particular challenges in the Healthcare industry, and more importantly, solutions. Brian Campbell, welcome.

    Brian Campbell: Thank you, Joe, it's great to be here.

    Joe Maglitta: We’re going to go do a tag team approach here. Bryan Sartin will highlight the challenges in healthcare, and we'll ask Brian Campbell to come in and suggest some ways to counter this year's most pressing threats. Bryan Sartin, when you look at the data here, it looks like it's all about people as far as I can tell, specifically internal people in the organization.

    Bryan Sartin: It is. In fact, quite a bit about internal actors and in a lot of cases accidents—errors and omissions—are also playing a big role here. And you know, healthcare is very curious. It's actually similar in fact to the public sector when you look at the threat profile in terms of our findings. So you see that loss or stolen assets play a huge role there. And you think about the sort of diversity in the technology, IT, security and other types of devices that you see so prevalent all the way out to handheld and mobility and so forth in and around the healthcare field. No surprise that lost or stolen assets that have some type of sensitive information on them play such a big role. But then you get down to privilege misuse—the misuse and abuse of privileges. So these are existing privileges or some form of systems access granted to an individual—employee, contractor or otherwise—that are specifically misused or abused in the course of some type of cyber attack. These are predominantly inside jobs. That statistic is upward of 23 percent. And right behind that, miscellaneous errors at just about 20 percent picking up third place there. So as you put it, humans, particularly the employees are playing the largest role in their threat landscape.

    Joe Maglitta: Brian Campbell, what should healthcare organizations be doing to help counter against privilege misuse?

    Brian Campbell: The fact that privileged misuse amounts to 32 percent of the breaches that were discovered … that the biggest things that organizations can do are really just to monitor the employee's behavior. Being able to track USB usage. People taking that data and allowing or disallowing that ability by the employees. And also just really understanding and knowing your data and knowing if people have access to data that they should not in fact have. Because the majority of times, privileged misuses have been breached by disgruntled employees who are using that for financial gain.

    Joe Maglitta: And how about for the second major threat—lost and stolen assets? What are some of the simple but powerful things that organizations can be doing to help counter that?

    Brian Campbell: Yeah, with the lost and stolen data, this was larger than any other sector that was looked at within the report. The fact that information assets are lost over 100 times more often than they're stolen, the things that really can be looked at is just organizations ensuring that they have encrypted data. Because it's not necessarily intentional. It’s lost. So is that data encrypted? Looking at reducing paper, trying to find ways to eliminate as much paper as possible, and just really training employees so they understand when they have their phone, computer, assets leaving an organization, what care should be taken within those assets.

    Joe Maglitta: Are you seeing an increase in training programs and awareness programs in healthcare? Is that something in general that the industry is doing a good job at, or still has a ways to go?

    Brian Campbell: It absolutely still has a way to go. A lot of times it's the clinicians, it's the folks that don't necessarily fully understand the sensitive nature of the data that they have. And it's really ensuring they are made aware, and that awareness can really help reduce the amount of stolen data that occurs. Because again, that piece is not an intentional act. It's by the person who is giving up the data. You know, it's lost. It's not necessarily being stolen by somebody.

    Joe Maglitta: Last piece I want to put out here for you is something that really jumped out at me is that, if you think about the majority of these confirmed data breaches took place in minutes or less, pretty quickly. But in something like 55 percent of the cases it took months, many months or more for healthcare organizations to discover them. Are there some relatively simple organizational fixes and procedures that could be put in place to help bring down that time to awareness?

    Brian Campbell: Yeah, the fact that 56 percent of the incidents were discovered in days … in 62 percent of the cases, it took just minutes to get access to the system. So it's really ensuring the fact of: your data's encrypted—what security measures are in place. Because the bad people are getting in relatively fast. But it's taking a long time to discover what's happening inside of the environment. So truly understanding that environment is the critical piece to stopping it from ever happening.

    Joe Maglitta: Well that's about all we have time for. Thanks to our guests, Bryan Sartin, Executive Director of the Verizon Global Security Services. And to Brian Campbell, Verizon's Managing Director of Professional Services for Healthcare. And of course thanks to you, our listeners, for joining us today. To get your copy of the Verizon 2016 Data Breach Investigation Report, visit VerizonEnterprise.com/DBIR2016. That's VerizonEnterprise.com/DBIR2016. As always, find us on Twitter @VZEnterprise, or on LinkedIn. Have a great rest of your day.

  • Public sector

    Bryan Sartin and Jessica Hill discuss the threats to public sector organizations and how to mitigate the risks.

    Bryan Sartin & Jessica Hill talk Public sector Security

    Our Public sector Data Security Discussion

    Joe Maglitta: You're listening to the Verizon Insights podcast. The thoughts and opinions expressed in this podcast are those of the individual speakers and do not necessarily reflect the views of Verizon or any other entity mentioned in the podcast.

    Joe Maglitta: Hello everyone, I'm Joe Maglitta, principal at Maglitta Communications, former vice president of the Market Experts Group at Ziff Davis Enterprise, and a contributing editor for CIO Magazine. Joining us today is Bryan Sartin, Executive Director of Verizon Global Security Services. In the next few minutes we'll highlight findings from the Verizon 2016 Data Breach Investigations Report and offer some ways to better protect your organization. The 2016 report covers over 100,000 incidents, and 2,260 analyzed breaches from 82 countries. Bryan, welcome.

    Bryan Sartin: Good morning, Joe, thank you.

    Joe Maglitta: So let's get down to it. What are some of the headlines from this year's report, Bryan?

    Bryan Sartin: It's our ninth report and every year we try to take a little bit of a different slice at the threat landscape. There's no question about the role of spear phishing and how that is playing a big part especially on the initial intrusions of most types of cyber attacks these days. The use of malware in conjunction with phishing is starting to really illustrate to us that humans are now the slowest in the herd, if you will, from a vulnerability perspective. In other words, people are the easiest targets in a cyber attack. So, we talk a lot about that and really lay out the science on what that means today, and, of course, what to do about it. But for real statisticians and data gurus, we have the use of the attack this year. In this case you can start to look at the total dataset, hundreds of thousands of incidents, more than 2,000 confirmed data breaches. And we found a scientific way to boil those down to a series of playbooks, if you will, meaning the sequential sets of moves from pre attack research to initial point of intrusion to identifying targets of interest within the victim's enterprise to finding ways to exfiltrate that data, subsequent points of entry, and so forth. And we have a brilliant visual method of illustrating those in true color. And it's fantastic. I hope our readers have as much fun reading as we did putting it together.

    Joe Maglitta: Now that we've got a good general overview of things, let's bring in Jessica Hill, Verizon's Manager of Professional Services for Public Sector. Jessica welcome.

    Jessica Hill: Thank you, good to be here.

    Joe Maglitta: So, we're going to use a tag team approach. Bryan Sartin will highlight the top challenges in public sector. And then Jessica will suggest some ways to counter this year's most pressing threats. So Bryan, as we look at the data, the public sector came under pretty heavy attack in terms of the numbers.

    Bryan Sartin: Well yeah, first, did it really come under heavy attack? And unquestionably yes. Everyone should understand that we have more incidents for the public sector than we do any other victim sector. We're looking at just a little under 50,000 security incidents reported in this past year from the public sector alone. So we have a lot to say about what is, but also what is not happening in that sector as it compares to other sectors from affected defensive countermeasure strategy. And you see miscellaneous errors up there in excess of 20 percent, almost 25 percent. That's mistakes, errors and omissions on the part of the victims that are setting the stage for these types of attacks. Misuse, abuse of privileges, where employees, business partners, vendors, what have you, are explicitly misusing their privileges and their access for some form of unauthorized access or some type of data theft. Loss or stolen assets of course are up there pretty high in this sector as well as a few others. But also crimeware plays a very significant role in the public sector. Actually bigger than it does in any of the top ten sectors. So a very different threat pattern than you see in other sectors. And important to understand why it's different.

    Joe Maglitta: How much of that is due to an actual increase in activity, and how much of that is result of reporting requirements, particularly by the U.S. government agencies?

    Bryan Sartin: Well, it's a byproduct of contribution to our study. So we have, of course, public sector entities as entities in many states and other jurisdictions across the globe, and in certain sectors are required to disclose in some way, shape, or form, indications of security breach or especially data breaches that they experience within their enterprise or government agency. No question that's happening to a great deal within the U.S. agencies. So there's more reporting.

    Joe Maglitta: Jessica Hill, we have got an unprecedented number of internal and external attackers. I know there's no easy answer to this given the huge diversity of federal, state and local government capabilities and all the actors out there. What’s the recommendation here?

    Jessica Hill: Yeah, thank you. If you look at what types of breaches are happening, you see a lot of internal mistakes. There's some malicious activity happening, as well as some blatant accidents. And while the intent there is different, some of the ways you can mitigate are the same. So if you look at USB usage for example, lots of sensitive data is being removed and misplaced on USB drives. That can be controlled. There could be policies and procedures in place to limit the use of USBs and removing data. Also implementing a data loss prevention or DLP software greatly assists in limiting the amount of sensitive data that's transversed by e-mail. Those kind of policies really limit both malicious and inadvertent breaches. One of the trends you see in government is that the CIO level of management changes out about every two years, which is even shorter than the average CIO term in the private sector. And what you see there is a lot of confusion, there are policies that are adopted and then abandoned or maybe... policies that aren't totally understood or aren't implemented correctly when a new regime comes into power. So, when you look at the broader policies that need to be in place, and need to be effectively implemented, there really needs to be a lot of control over what data is out there, where and how is it stored, is it sensitive, who has access to it, and how do we dispose of it.

    Joe Maglitta: Jessica, one of the most dramatic numbers that jumped out from the report was the number of mistakes made by people mailing or e-mailing information to the wrong recipient. That seems so human and so common. We've all done it.

    Jessica Hill: The difference is when you're talking about the public sector, we're talking about very sensitive data that covers every U.S. citizen, potentially national security. Those kind of mistakes have big consequences. Just as in other sectors, you really want to limit the use of paper data. You don't want things lying around that are sensitive or potentially unsecured. I think that the usage of data loss prevention software helps lock down the e-mail capabilities to make sure that files are scanned, sensitive information is prevented from just being inadvertently sent out to the wrong recipient. So a few more points to consider is really understanding your data, understanding whether it's classified data, sensitive data, contains user records, financial records, citizen data or national and public security kinds of data. Knowing where that is in your network, who has access to it, how you protect it, and even more importantly how you dispose of that kind of data is really critical for the agencies to know, implement, and keep very strict policies around. I think that it really isn't an issue of if a breach is going to happen, but when it's going to happen, how do you mitigate it, how do you detect it? And then how do you make sure that the impact is minimal? The government is under everybody's scrutiny to make sure that they're protecting the citizens, they're protecting the borders, and any breach is seen as important and worrisome. So the government has probably the biggest mandate to ensure that all the data that they have is secure and any breach that happens is understood quickly and mitigated immediately.

    Joe Maglitta: That's about all we have time for. Thanks to our guests, Bryan Sartin, Executive Director of Verizon Global Security Services. And to Jessica Hill, Verizon's Manager of Professional Services for the Public Sector. And of course thanks to you, our listeners for joining us today. To get your copy of the Verizon 2016 Data Breach Investigations Report, visit VerizonEnterprise.com/DBIR2016. That's VerizonEnterprise.com/DBIR2016. As always, find us on Twitter @VZEnterprise, or on LinkedIn. Have a great rest of your day.

  • Manufacturing

    Bryan Sartin and Chintan Gohil lift the lid on what manufacturers should be doing to protect their data.

    Bryan Sartin & Chintan Gohil talk Manufacturing Security

    Smarter Manufacturing Security in 7 Minutes

    Joe Maglitta: You're listening to the Verizon Insights podcast. The thoughts and opinions expressed in this podcast are those of the individual speakers and do not necessarily reflect the views of Verizon or any other entity mentioned in the podcast.

    Joe Maglitta: Hello everyone, I'm Joe Maglitta, principal at Maglitta Communications, former vice president of the Market Experts Group at Ziff Davis Enterprise, and a contributing editor for CIO Magazine. Joining us today is Bryan Sartin, Executive Director of Verizon Global Security Services. In the next few minutes we'll highlight findings from the Verizon 2016 Data Breach Investigations Report and offer some ways to better protect your organization. The 2016 report covers over 100,000 incidents, and 2,260 analyzed breaches from 82 countries. Bryan, welcome.

    Bryan Sartin: Good morning, Joe, thank you.

    Joe Maglitta: So let's get down to it. What are some of the headlines from this year's report, Bryan?

    Bryan Sartin: It's our ninth and every year we try to take a little bit of a different slice at the threat landscape. There's no question about the role of spear phishing and how that is playing a big part especially on the initial intrusions of most types of cyber attacks these days. The use of malware in conjunction with phishing is starting to really illustrate to us that humans are now the slowest in the herd, if you will, from a vulnerability perspective. In other words, people are the easiest targets in a cyber attack. So, we talk a lot about that and really lay out the science on what that means today, and, of course, what to do about it. But for real statisticians and data gurus, we have the use of the attack this year. In this case you can start to look at the total dataset, hundreds of thousands of incidents, more than 2,000 confirmed data breaches. And we found a scientific way to boil those down to a series of playbooks, if you will, meaning the sequential sets of moves from pre attack research to initial point of intrusion to identifying targets of interest within the victim's enterprise to finding ways to exfiltrate that data, subsequent points of entry, and so forth. And we have a brilliant visual method of illustrating those in true color. And it's fantastic. I hope our readers have as much fun reading as we did putting it together.

    Joe Maglitta: So now that we've got a general overview of this year's findings, let's bring in Chintan Gohil, Verizon's Manager of Professional Services for Manufacturing, to help take a closer look at the particular challenges to the manufacturing industry. Chintan, welcome.

    Joe Maglitta: We’ll use a tag team approach here. Bryan Sartin will highlight the challenges in manufacturing, and Chintan will suggest some ways to counter this year's most pressing threats.

    Bryan Sartin: So if you look from a broader incident angle, denial of service and cyber espionage are unquestionably the greatest threats that you see in manufacturing. However, when you go into breaches, you see cyber espionage, privilege misuse—the misuse and abuse of privileges. And, of course, web application issues, particularly your Internet facing web applications being the greatest source of the problem there. And now cyber espionage: you're talking about specialty threat actors coming from far more different types of pockets around the world these days. Generally they're after data that gives them some form of leverage or advantage. And anybody who has trade secrets, intellectual property in large quantities, these are those traditional victims. But it's not just the IT or information technology sides of these enterprises that are the targets. It's also critical infrastructure, especially in manufacturing. It's not just IT; it's OT. It's the smart sensors, the devices, the robotics and so forth that control, operate and manage the manufacturing floors, the supervisory control and data acquisition or SCADA. And you have attacks that target the IT end of the business. But if they find their way into the OT side of a manufacturer, it sets the stage for not only a data breach, but also the ability for the threat actors to deny, disrupt or destroy that victim's ability to do business. And when that happens, that's a huge concern.

    Chintan Gohil: As companies deploy smart sensors, these smart sensors and smart controls are going to be able to impact things like flow and pressure in the critical infrastructure space. And companies are deploying these technologies to improve operating equipment efficiency. And what they want to do is bring in an ecosystem of players to be able to control their processes, both of their OEM manufacturers, people that are making these controls and flow devices and smart sensors. They want to give them access to an unprecedented level of data and to the environment so that they can tell third party analytics to say, "Hey, you know that boiler over there, that may be experiencing some problems and you may need to look at it right away." And in that case, the web app attack is also an area of concern for manufacturers because it's going to increase in the ability or the surface area because manufacturers are now going to give access to a whole bunch of information through web environments to partners and other third party providers.

    Joe Maglitta: So from what you're saying, it seems like this is an area that ought to be of increasing concern to manufacturers as we add smarter controls into processes.

    Bryan Sartin: It is unquestionably. You have new types of technologies: Internet of Things, OT (operational technology), industrial control systems into the manufacturing enterprise. These new technologies, be it sensors or otherwise are getting connected. They're hyper-connected. That connectivity naturally brings with it the potential avenue of intrusion and vulnerabilities. And most concerning in manufacturing are when you start looking at connecting new devices and new technologies into the OT end of the enterprise. Suddenly you're also adding connectivity and making older conventional applications. Sometimes, industrial control systems that have been there and operational at the enterprise for years, you know, you're making those suddenly visible to the outside world and the rest of your IT environments. These are ten- and fifteen-year-old applications. So just massive vulnerabilities.

    Joe Maglitta: So let's turn to solutions here for a moment. What are some steps that organizations and people listening today can take to begin to better protect themselves?

    Chintan Gohil: So, manufacturers are asking us to go from a few hundred connected devices to thousands, and in some cases, even millions of devices. And even if a very small percentage of those potentially millions of end points are smart, they have a potential to be breached. End point protection in that case becomes very, very critical. What tools are you going to need in terms of monitoring and responding? You need very specific end-point protection capabilities in a manufacturing environment. Then number two, you need the ability to integrate your network monitoring in your SOC—in your security monitoring. And then be able to make sense of the logging that you're pulling from these two environments.

    Joe Maglitta: Well that's about all we have time for. Thanks to our guests, Bryan Sartin, Executive Director of Verizon Global Security Services. And to Chintan Gohil, Verizon's Manager of Professional Services for Manufacturing. And of course thanks to you, our listeners, for joining us today. To get your copy of the Verizon 2016 Data Breach Investigations Report, visit VerizonEnterprise.com/DBIR2016. VerizonEnterprise.com/DBIR2016. As always, find us on Twitter @VZEnterprise, or on LinkedIn. Have a great rest of your day.

  • Retail

    Is shoppers’ data at risk? Bryan Sartin and Brad Rossiter describe the current threat landscape for retailers.

    Bryan Sartin & Brad Rossiter talk Retail Security

    Verizon Retail Cybersecurity Roundtable

    Joe Maglitta: You're listening to the Verizon Insights podcast. The thoughts and opinions expressed in this podcast are those of the individual speakers and do not necessarily reflect the views of Verizon or any other entity mentioned in the podcast.

    Joe Maglitta: Hello everyone, I'm Joe Maglitta, principal at Maglitta Communications, former vice president of the Market Experts Group at Ziff Davis Enterprise, and a contributing editor for CIO Magazine. Joining us today is Bryan Sartin, Executive Director of Verizon Global Security Services. In the next few minutes we'll highlight findings from the Verizon 2016 Data Breach Investigations Report and offer some ways to better protect your organization. The 2016 report covers over 100,000 incidents, and 2,260 analyzed breaches from 82 countries. Bryan, welcome.

    Bryan Sartin: Good morning, Joe, thank you.

    Joe Maglitta: So let's get down to it. What are some of the headlines from this year's report, Bryan?

    Bryan Sartin: It's our ninth report and every year we try to take a little bit of a different slice at the threat landscape. There's no question about the role of spear phishing and how that is playing a big part especially on the initial intrusions of most types of cyber attacks these days. The use of malware in conjunction with phishing is starting to really illustrate to us that humans are now the slowest in the herd, if you will, from a vulnerability perspective. In other words, people are the easiest targets in a cyber attack. So, we talk a lot about that and really lay out the science on what that means today, and, of course, what to do about it. But for real statisticians and data gurus, we have the use of the attack this year. In this case you can start to look at the total dataset, hundreds of thousands of incidents, more than 2,000 confirmed data breaches. And we found a scientific way to boil those down to a series of playbooks, if you will, meaning the sequential sets of moves from pre attack research to initial point of intrusion to identifying targets of interest within the victim's enterprise to finding ways to exfiltrate that data, subsequent points of entry, and so forth. And we have a brilliant visual method of illustrating those in true color. And it's fantastic. I hope our readers have as much fun reading as we did putting it together.

    Joe Maglitta: So now that we've got a general overview of this year's findings, let's bring in Brad Rossiter, Verizon's Manager of Professional Services for Retail. Brad, welcome.

    Joe Maglitta: We'll be using a tag team approach here. Bryan Sartin will highlight the challenges in retail, and Brad will suggest some ways to counter this year's most pressing threats.

    Bryan Sartin: Yeah, absolutely. In retail, if you look at incidents spanning all situations that we see inclusive of breaches, denial of service attacks are a huge percentage of the attack surface. So you're getting upwards of 45, 50 percent in terms of total numbers. So something critical to understand of course … the impact that these have to deny, disrupt and destroy the victim's ability to conduct business. But then point of sale attacks within incidents pull up a very close second in the mid 30s. But if you focus almost entirely on breaches, which denial of service attacks are not, take the incidents off the table and just focus on those scenarios that lead to the theft of information, then suddenly what you see is that point of sale intrusions climb massively up into the 90 plus percentile range for retail.

    Joe Maglitta: So, I want to go to the solution side of this, Brad Rossiter, given limited resources, and given a range of threats here, where should retail companies be focusing?

    Brad Rossiter: Well certainly, but we have to understand what the retailer's motivations are, and where they're going with their businesses today. So they're trying to create a unified shopping experience—where it's all one seamless customer experience. So whether or not these attacks are one form or another, everything is sort of symbiotically connected. Brand reputation is really something that can be hurt through a DOS attack. If your brand suffers reputation damage, you're not going to be able to inspire the confidence in your customers. If you're losing data or their personal identifiable information or payment card information, you're going to lose reputation there as well. I believe that there needs to be a two pronged attack here against these incidents that are happening. Within a DDOS, or a Distributed Denial of Service attack, what we need to do is understand our attack surface. We need to isolate our key assets to help prevent devices from being used to launch attacks. And bottom line: if you don't need it, turn it off. If it's not necessary to do business, make sure that that is turned off. Also when you prepare for potential attacks you need to patch your servers, you need to patch your third party plug ins within your applications. You need to use your traditional IPS/IVS to identify when to block traffic. You need to monitor what's going on at all times. And you need to have a plan for when something does happen, what are you going to do about it? Do you have a playbook that will allow you to take the necessary actions so that you can minimize risk and maximize the business that you would otherwise be doing?

    I know some organizations are fearful of adding extra layers between their customers and selling things. But I think what's important to understand is that from a security perspective, we need to change the conversation … security is like the brakes on a racecar. They're not there to stop or slow anything down. They're there to allow the driver to get around the track faster. Just like businesses need to operate faster, but safely, because their competition is right there to take on their customer when they're not fulfilling that customer needs.

    Joe Maglitta: Well said. There's lots more in this year's report. Unfortunately that's all we have time for right now. I want to thank our guests, Bryan Sartin, Executive Director of the Verizon Global Security Services. And to Brad Rossiter, Verizon's Manager of Professional Services for Retail. And of course thanks to you all, our listeners, for joining us today. To get your copy of the Verizon 2016 Data Breach Investigations Report visit VerizonEnterprise.com/DBIR2016. That's VerizonEnterprise.com/DBIR2016. As always, find us on Twitter @VZenterprise, or on LinkedIn. Have a great rest of your day.

  • Myth busting with the DBIR team.

    The Data Breach Investigations Report (DBIR) has a long history of lifting the lid on the main causes of cybersecurity breaches. And the 2016 edition is no different. Our SlideShare leans on the DBIR to reveal the truth behind some common cybersecurity myths. Are attackers really that fast? Do people still fall for phishing? And is cybersecurity simply too difficult? Find out in the SlideShare.

    View the 2016 DBIR SlideShare
