Cybersecurity Insights: Verizon Data Breach Investigations Report

Cybersecurity Insights: Verizon Data Breach Investigations Report
Cybersecurity Insights: Verizon Data Breach Investigations Report

Last month, Verizon released its 20th Data Breach Investigative Report (DBIR). This report has long been a valuable product-agnostic resource which looks across multiple verticals for common elements that cause cybersecurity incidents. Over 30,000 real-world security incidents from over 90 countries were evaluated in this report to try to determine the “how” of data breaches. Once we determine the “how,” we can then start to identify the proper solutions and close the gaps in our customer environments. Our cybersecurity expert, James Morrison, is a long-time fan of the annual Verizon DBIR, and has identified his key takeaways from this year’s report.

1.) There has been a rise in vulnerability exploitation as the primary path for infestation.

The most telling new piece of information in this year’s DBIR is the rise in the exploitation of vulnerabilities as the primary path for infestation. In fact, the number of attacks using this avenue almost tripled and are the same risk as phishing for an enterprise environment. This provides an interesting problem going forward. Phishing training has become the standard for protecting an environment from phishing attacks and has shown some success in reducing this threat when used appropriately, but no similar program exists to limit the exponential growth in vulnerability exploitation.

“Our ways-in analysis witnessed a substantial growth of attacks involving the exploitation of vulnerabilities as the critical path to initiate a breach when compared to previous years. It almost tripled (180% increase) from last year…” (p. 7)

Review the full report here in Intelisys University or go directly to verizon.com/dbir

2.) A major source of these attacks was the MoveIT and similar zero-day vulnerabilities.

In addition, when digging deeper into the vulnerabilities exploited, the major source of these attacks was the MoveIT and similar zero-day vulnerabilities. Attackers are becoming quicker at identifying these vulnerabilities, especially in Software as a Service (SaaS) products that have thousands of users world-wide. We saw a similar spike when SolarWinds was exploited a few years back. This raises the question about supply chain management and risk mitigation. A question we often ask a customer is “Who connects into your environment and how much access does that connection grant?” SaaS products are one of these connections that must be scrutinized to determine whether the risk of allowing the product is acceptable.

3.) The rise in these types of attacks forced Verizon to add a new concept into this year’s DBIR: Third-Party Breaches.

The concept of third-party breaches is not new. In 2013, the Target attack originated through a third-party who had been exploited and that exploit was turned into a massive data breach. Since 2013, these third-party breaches have continued in limited numbers, but 2023 seems to show that these numbers are increasing at a rapid rate. 15% of breaches in 2023 involved a third-party, including these software vulnerabilities previously mentioned.

15% of breaches involved a third party or supplier, such as software supply chains, hosting partner infrastructures or data custodians

4.) How do we handle third-party threats?

Third-party threats must be handled in a multi-pronged fashion. First, we must identify all those third parties and determine what level of risk we are willing to accept. Secondly, we must contractually start holding third parties accountable when their software or access creates undue risk in our corporate environments. Finally, we must reinforce these contractual requirements as third parties renew contracts or access requirements. This also means that we need to start requiring SaaS companies to perform their own penetration testing and security assessments, then share that testing with their customer base. It is becoming dangerous to allow a SaaS product into an enterprise environment without understanding the risk that product brings. When talking to a customer who has SaaS products connected into their environment, it is important to ask whether that product has been tested and whether the risks of that product have been properly identified.

The concept of evaluating third-party risk is not new. In fact, this is the genesis of the Department of Defense’s (DoD) Cyber Maturation Model Certification (CMMC). Under CMMC, every company that wants to bid on DoD contracts must undergo some level of CMMC evaluation to fall within one of three levels. This includes sub-contractors which feed into the supplier ecosystem and connect into the major DoD suppliers. As CMMC becomes more active, it is the belief of many security researchers that the CMMC model will expand into other governmental agencies. In fact, many large enterprises are already starting to consider ways to evaluate their third-party risk and instituting policies to ensure that these third-parties do not inadvertently cause a data breach in their environments.

The Verizon DBIR offers a detailed analysis of the current cybersecurity landscape, and this year’s edition emphasizes the significant role vulnerability exploitation, zero-day vulnerabilities, and third-party breaches play in today’s threat landscape. Organizations face persistent challenges in securing their systems against increasingly sophisticated attacks, and we want to ensure that YOU are top-of-mind when your customers are thinking about their cybersecurity needs. We hope these insights from the DBIR serve as a crucial resource in helping you guide your customers towards enhancing their cybersecurity strategies. Addressing the rise in vulnerability exploitation, and the new avenues used in these attacks, is sure to catch their attention in today’s cybersecurity environment.

Don’t forget to access these helpful resources in Intelisys University to continue learning and increase your cybersecurity knowledge!

Intelisys University: Marketing & Learning Resources

Don’t forget to access these helpful resources in Intelisys University to continue learning and increase your cybersecurity knowledge! Make sure your clients understand the importance of cybersecurity threats, through the DBIR, and how they can safely shield their company with your managed security solutions. Start that discussion and uncover needs with the following materials.

DBIR Kit:

Ken Mills

President

Ken Mills serves as President of Intelisys and is committed to driving growth for Intelisys and our partners. As a distinguished technology executive with over two decades of experience, Ken has previously held leadership roles at EPIC iO, Dell Technologies and Cisco, and served as a fellow with the U.S. Department of State. His strategic mindset has been an integral part of launching innovative products and solutions in the fields of AI, IoT, and 5G. Ken is driven by his curiosity and passion for groundbreaking technology and complex problems, and constantly explores new frontiers in the world of technology.

Monica Lutes

Manager, People & Culture, ScanSource, Inc. and Intelisys

As Manager, People & Culture, Monica has worked closely with Intelisys employees and leaders since 2018 and has worked with ScanSource companies since 2016. A Human Resources professional with 11 years of experience encompassing all areas of HR, especially employee relations, recruiting, compliance, and training, Monica approaches her role as Manager, People & Culture from a consultative perspective. Her goal is to provide advice and guidance to leaders so they can focus on growing the best teams for the business while also supporting employees’ goals.

Ansley Hoke

SVP Marketing, ScanSource, Inc. and Intelisys

Ansley Hoke is the Senior Vice President of Marketing at ScanSource, Inc., a role she has held since 2019, and extended her leadership to include Intelisys in 2023. She joined the company in 2001, serving in merchandising leadership roles for ScanSource POS and Barcode, including acting Vice President of Merchandising and then later VP of Merchandising for ScanSource Catalyst and overall VP of ScanSource Catalyst. She oversaw sales, supplier relations, and services. Known for her pivotal role in creating effective marketing strategies, Ansley has been integral in driving demand, enhancing partner programs, and significantly contributing to the company’s revenue growth and channel relationships.

Mike Baur

CEO of ScanSource, Inc. and Interim President of Intelisys

Mike Baur serves as Chairman and Chief Executive Officer at ScanSource. Mike has served as the Company’s President or CEO since its inception, as a director since December 1995, and as Chairman of the Board since February 2019. Mike has developed a deep institutional knowledge and perspective regarding ScanSource’s strengths, challenges and opportunities. He has more than 30 years of experience in the IT industry, having served in various leadership and senior management roles in the technology and distribution industries before joining ScanSource. Mike brings strong leadership, entrepreneurial, business building and development skills and experience to the Board.

Stephanie Bouras

Regional Vice President, Southeast

Driven by a partner-first philosophy and a passion for innovation, Bouras embodies a leadership style that’s both compassionate and data-driven. As the Regional Vice President, Southeast, at Intelisys, she’s leveraged her extensive marketing and sales experience to propel her team to new heights. A firm believer in aligning herself with her partners, she sees herself as a collaborator and an integral part of their business. This perspective has allowed her to forge deep connections and drive success. A Florida native, Stephanie’s attention to detail and unwavering commitment to her partners have been key factors in her success.

Michael Raspanti

Regional Vice President, Northeast

Michael joined Intelisys in June of 2020, as a long-time channel veteran. He is responsible for leading the Northeast Region, helping continue the tremendous momentum in one of our strongest markets while also recruiting new up and coming partners that will be the growth engine of our future success.

Kristy Thomas

Vice President, Partner Experience and Enablement

Thomas is responsible for Sales Partner enablement and education for all our technology segments, including CX, managed security, mobility, and connectivity. With over 20 years of executive background in telephony, UCaaS, CCaaS and Cloud services, Kristy enables her customers to think broader and deeper as she guides them through their decision journey. Some of the biggest deals in the channel have become a reality thanks to the expertise and humble excellence Kristy brings to her client’s projects.