Cloud environments to remain low on attackers radar in 2013: Verizon

Authentication attacks,Web application exploits are among most likely threats enterprises will face in 2013 says Verizon

Increasing popularity of Cloud among enterprises may lead those in the security biz to believe
that such deployments would become favored targets for hackers and cybercriminals in the
days ahead, but thats hardly the case. Experts predict that despite its rising fame, Cloud-based
environments will remain low on attackers radar, at least in 2013.
According to the findings of the just released Verizon Data Breach Investigations Report, in 2013
enterprises will most likely face threats involving authentication attacks and failures, continued
espionage and hacktivism attacks, Web application exploits and social engineering.
These findings of the researchers -- members of the companys RISK (Research Intelligence
Solutions Knowledge) Team are based on data that spans eight years and thousands of cases
and is contained in the 2012 data breach report, released earlier this year. Verizons RISK team
has identified the following most likely data threats:
Topping the list with a 90 percent change of probability -- are attacks and failures related
to authentication, including vulnerable or stolen usernames and passwords, which often represent
the initial events in a breach scenario.
Web application exploits which are most likely to affect larger organizations and especially
governments, rather than small to medium-sized businesses. The chances of such attacks
occurring are three in four, according to the data compiled by the RISK Team.
Social engineering, which targets people rather than machines and relies on clever -- and
sometimes clumsy -- deceptions to be successful.
According to Wade Baker, the lead author of the data breach report, the use of social tactics like
phishing can be expected to increase by a factor of three for larger enterprises and governments.
He also said that targeted attacks from adversaries motivated by espionage and hacktivism --
breaking into a computer system, for a politically or socially motivated purpose -- will continue to
occur, so its critical to be watchful on this front.
In addition, the RISK team does not foresee the failure of an organizations cloud technology or
configuration as being the root cause of a breach. However, an organizations service provider
could inadvertently increase the likelihood of a breach by failing to take appropriate actions or
taking inappropriate ones.
As far as mobile devices are concerned, the Verizon researchers believe that lost and stolen
and unencrypted -- mobile devices will continue to far exceed hacks and malware. The RISK
Team also projects that attacks on mobile devices by the criminal world will follow closely the
push to mobile payments in the business and consumer world.

Increasing popularity of Cloud among enterprises may lead those in the security biz to believethat such deployments would become favored targets for hackers and cybercriminals in thedays ahead, but thats hardly the case. Experts predict that despite its rising fame, Cloud-basedenvironments will remain low on attackers radar, at least in 2013.

According to the findings of the just released Verizon Data Breach Investigations Report, in 2013enterprises will most likely face threats involving authentication attacks and failures, continuedespionage and hacktivism attacks, Web application exploits and social engineering.

These findings of the researchers -- members of the companys RISK (Research IntelligenceSolutions Knowledge) Team are based on data that spans eight years and thousands of casesand is contained in the 2012 data breach report, released earlier this year. Verizons RISK teamhas identified the following most likely data threats:

Topping the list with a 90 percent change of probability -- are attacks and failures relatedto authentication, including vulnerable or stolen usernames and passwords, which often representthe initial events in a breach scenario.

Web application exploits which are most likely to affect larger organizations and especiallygovernments, rather than small to medium-sized businesses. The chances of such attacksoccurring are three in four, according to the data compiled by the RISK Team.

Social engineering, which targets people rather than machines and relies on clever -- andsometimes clumsy -- deceptions to be successful.

According to Wade Baker, the lead author of the data breach report, the use of social tactics likephishing can be expected to increase by a factor of three for larger enterprises and governments.He also said that targeted attacks from adversaries motivated by espionage and hacktivism breaking into a computer system, for a politically or socially motivated purpose will continue tooccur, so its critical to be watchful on this front.

In addition, the RISK team does not foresee the failure of an organizations cloud technology or configuration as being the root cause of a breach. However, an organizations service providercould inadvertently increase the likelihood of a breach by failing to take appropriate actions ortaking inappropriate ones.As far as mobile devices are concerned, the Verizon researchers believe that lost and stolen and unencrypted -- mobile devices will continue to far exceed hacks and malware. The RiskTeam also projects that attacks on mobile devices by the criminal world will follow closely thepush to mobile payments in the business and consumer world.

Air Zoom Pegasus 34


Add new comment