Verizon’s annual 2016 Data Breach Investigation Report (DIBR) has highlighted that mobile and IoT devices are still not considered a factor in real-world data attacks, and are still a low priority.
The reports looks at emerging trends and patterns in data breaches worldwide. Verizon analysed over 100,000 security incidents and included third-party data from approximately 65 organisations, such as the US Department of Homeland Security, and security vendors. Findings were similar to that of 2014; web attacks had increased whilst key motives remained as espionage and financial gain.
Key aspects from the report are:
• Web app attacks were up 33% year-on-year in 2015. 95% of breaches were for financial gain; the top industries suffering from attacks were finance, information and retail.
• Phishing and malware were, again, the principal form of attack. 30% of phishing messages were opened by receivers, a rise of 23% year-on-year. In addition, 12% of those that opened the message then went on to click the malicious link or attachment.
• Mobile devices are not a major target for attacks in 2015; in 2014, only around 0.7% of smartphones were infected with malware and the 2015 rate is similar.
The report’s results is good news for businesses that have been concerned about the security of data as the BYOD trend and the use of cloud data centres continues to grow. However, threats to security is still the main hurdle to overcome when adopting cloud technologies and BYOD policies. In addition, whilst incidents are low for mobile device breaches, the security of these devices is still an integral part of any business or enterprise security.
Whilst hacks into IoT devices that are vulnerable could potentially crash a compromised car, hackers are more like to exploit the device to attack databases, corporate and government networks. With research demonstrating that IoT device manufacturers and service providers are not addressing and not implementing basic security measures, hackers are potentially able to conduct data breaches, damaging critical infrastructures. Carrying out comprehensive IT security practices, such as segmentation and network monitoring will be critical as more IoT devices are deployed.