Verizon Breach Report: What it MeansAshish Thapar Analyzes Results, Offers Security Tips
The company's 2014 Data Breach Investigations Report analyzes more than 1,300 data breaches investigated by Verizon and its partners in 2013. And the annual study shows that Web app attacks are to blame for 35 percent of those breaches, while 22 percent are attributed to cyber-espionage and 14 percent are related to point-of-sale intrusions.
Thapar, head of global consulting and integration services for Verizon in India and South Asia, says the key takeaway from this latest study is: Cyber-attacks are no longer about "Who has money?" They now are about "Who has an IP address?"
"No size [of organization] or industry has been excluded from cyber-attacks so far," Thapar says. "[Also] there's no one-size-fits-all solution to the security problems. [They] differ significantly across different types of organizations."
The 2014 report focuses on nine incident classification patterns, which account for 94 percent of the breaches reviewed: Misc. errors, crimeware, insider and privilege misuse, physical theft and loss, web app attacks, denial of service attacks, cyber espionage, point of sale intrusions and payment card skimmers.
The report goes on to offer seven security tips, including access controls, encryption and two-factor authentication. But Thapar also comes away with an observation about the growing gulf between attackers and defenders:
"Bad guys are innovating faster than the good guys," he says. "Attackers are compromising systems much faster over time. Defenders are not getting much faster at discovering and responding to incidents ... so, we have a reason to worry."
In an interview about the 2014 Verizon Data Breach Investigations Report, Thapar discusses:
- Key findings from the latest study;
- How these findings match regional threat trends;
- Steps security leaders can take to mitigate their risks in the nine classification patterns.
Thapar heads the Global Consulting & Integration Services in India for Verizon Enterprise Solutions. He has diverse experience in the field of IT and information security, providing services and support for both enterprise and government/PSU organizations. His domain experience spans across designing, implementing and managing information security management systems for multiple organizations. He holds several global security certifications, including CISSP, CISM, CISA and SANS GCFA. Thapar had also been an accredited PCI-DSS QSA in the past, and he remained an active QSA for several years.