Some Thoughts on Verizon’s Data Breach Report

David Bressler

The Verizon Data Breach Investigations Report is the gold standard of breach reporting, based on more than 16,000 security incidents and 5,200 breaches. Two things jumped out at me: the security costs of human error and the size of the companies being targeted (getting smaller).

The Security Costs of Human Error

“the human element was involved in approximately three-quarters of the analyzed breaches”

It’s unclear how much of this was social engineering vs. human error, but it’s quite clear that humans make mistakes that automation could prevent. Automation, specifically configuration automation and compliance automation, is a critical element of keeping your network secure.

What do I mean by those two things, configuration automation and compliance automation?

You have 100 firewalls that you want to change. Could be a simple change – make the password length longer, or a more complex change – update the software running the firewall to keep it secure. You could manually make all the changes… and the likelihood of making an error would be quite high. Or, you could work out the process in the lab, then automate it and deploy it through an automation platform like BackBox. Read this example of almost 100 Palo Alto firewalls that needed to be updated, and how one company saved almost 10 hours with automation.

By the way, how we do this is one of the core BackBox advantages. The automation is not written in Python or another scripting language, which itself leaves room for errors. Using BackBox you’d enter the CLI commands just as you would at the command line (or the API commands you’d use) and we create the automation from those commands, no scripting required. Want help? Our support team helps our customers create automations… even during trials.

That’s configuration automation.

Compliance automation comes in to protect against configuration drift. During day-to-day operations configurations may be changed from their desired state. An automation platform like BackBox can survey the network at regular intervals looking for configurations that don’t meet the org’s standards or expectations and either automatically remediate them or notify appropriate people and/or systems.
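The drift check described above, sketched in Python as an added example (it is not BackBox's code and does not show how the product works). The setting names, device names, baseline values and the remediate-versus-notify split are all constructed assumptions.

```python
# Desired state. Setting names and values are constructed for illustration
# and do not follow any particular vendor's CLI syntax.
BASELINE = {
    "password-min-length": ("min", 12),
    "ssh-version": ("eq", "2"),
    "telnet": ("eq", "disabled"),
    "ntp-server": ("eq", "10.0.0.5"),
}
# Assumed split: settings safe to fix automatically; all others notify a human.
AUTO_REMEDIATE = {"password-min-length", "telnet"}

def parse_config(text):
    """Parse 'key value' lines, skipping blank lines and '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings[key] = value.strip()
    return settings

def compliant(rule, expected, actual):
    if actual is None:  # a setting missing from the device is drift, not a pass
        return False
    if rule == "min":
        return actual.isdigit() and int(actual) >= expected
    return actual == expected

def find_drift(running_configs):
    """Return {device: [(setting, actual, action), ...]} for drifted devices."""
    report = {}
    for device, text in running_configs.items():
        settings = parse_config(text)
        findings = [
            (key, settings.get(key), "remediate" if key in AUTO_REMEDIATE else "notify")
            for key, (rule, expected) in BASELINE.items()
            if not compliant(rule, expected, settings.get(key))
        ]
        if findings:
            report[device] = findings
    return report

# Constructed sample: three firewalls as collected on one scheduled run.
SAMPLE = {
    "fw-01": "password-min-length 14\nssh-version 2\ntelnet disabled\nntp-server 10.0.0.5",
    "fw-02": "password-min-length 8\nssh-version 2\ntelnet enabled\nntp-server 10.0.0.5",
    "fw-03": "password-min-length 12\nssh-version 2\ntelnet disabled",
}
```

Running `find_drift(SAMPLE)` on a schedule flags fw-02 for two automatic fixes and fw-03 for a notification, because its NTP setting is missing entirely rather than set to a wrong value.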

Automation is critical to minimizing human error.

The Size of Companies being Targeted

According to Verizon, the data shows “that the overall costs of recovering from a ransomware incident are increasing even as the ransom amounts are lower. This fact could be suggesting that the overall company size of ransomware victims is trending down.”

We know from ConnectWise’s 2022 MSP Threat Report ebook that MSPs are a bigger security target than ever before. I imagine it’s because that’s where you can compromise one organization and get access to many, but ConnectWise indicates targeting mid-tier organizations is helping threat actors stay under law enforcement’s radar.

Smaller companies that don’t have big teams need more automation. They also need more out-of-the-box end-to-end solutions for specific security problems. Selfishly, MSPs need something like BackBox’s Network Vulnerability Manager — an offering that monitors CVEs and other threat intelligence and then maps it to a dynamic inventory to help customers understand their risk and the steps they can take to mitigate the risk.

It’s worth reading through the Verizon report (and the ConnectWise one) when you get the opportunity.
