As a cloud solutions integrator, we are laser-focused on security. The Data Breach Investigations Report (DBIR) by Verizon is our favorite, single piece of research for keeping up-to-date. 2016 marks their 9th yearly edition and it is the largest DBIR ever. It examines over 100,000 incidents, including 2,260 confirmed data breaches across 82 countries. 67 contributing organizations provide data, including security service providers, law enforcement and government agencies.
Our Take: Where to Start?
Here are the top three statistics from the report that we find the most critical for stakeholders to be aware of:
- Hacker Motive: It’s about the money. 80% of breaches had a financial motive. Established and Fortune 1000 companies are targeted daily.
- Time to Discovery: In 93% of breaches, attackers take minutes or less to compromise systems. Only 20% of breaches are discovered within days; 80% take weeks or months to discover, and 7% take years or longer. Why? Security teams are manually searching through complex, traditional log tools.
- Phishing: Humans are not firewalls. People are the easiest point of intrusion into an IT environment. 30% of phishing emails are opened, and 12% of targets ultimately click the link or attachment. In a large infrastructure, a single weak entry point makes you vulnerable.
All of the above come down to three main issues. First, CISOs are frozen: cybersecurity strategies, skills, and technologies are complex. Second, there is an illusion of safety: traditional SIEMs rely on an outdated, rules-based security framework. Third, the status quo is broken: approaches are inflexible, narrow, and reactive.
Our Answer: Take Control with Real-Time Visibility
When a breach happens, organizations need a real-time, wide-angle lens to gain visibility immediately. The machine data platform Splunk can help.
So, How Credible is Splunk?
Great question. Gartner placed Splunk in the Leaders quadrant and positioned Splunk furthest overall for “completeness of vision” in Security Information and Event Management (SIEM). In Gartner’s Critical Capabilities assessment, Splunk received the highest scores for each use case: Basic Security Monitoring 4.2, Advanced Threat Detection 4.17 and Forensics and Incident Response 4.18, out of 5.
Own your organization’s outcome. Embrace early detection and rapid response, and build a culture committed to teamwork and to tearing down silos. Start the journey by incorporating analytics strategies and toolsets as soon as possible. Did the Executive Summary pique your interest to learn more? Get the 85-page full 2016 Data Breach Investigations Report.
- Gartner (2016, August 10). Magic Quadrant for Security Information and Event Management. Kelly M. Kavanagh, Oliver Rochford, Toby Bussa.
- Verizon (2016). Data Breach Investigations Report. Retrieved from http://www.verizonenterprise.com/DBIR/2016/
- Splunk (2014, February 19). Splunk For Security Vs. SIEM [Video file]. Retrieved from https://www.youtube.com/embed/h2_MiD9OC_8