For the second year in a row, Verizon has taken its comprehensive Data Breach Investigations Report (DBIR) and converted key findings into a more easily accessible Data Breach Digest. Verizon's research is especially valuable due to the high volume of data the company is privy to. As one of the largest U.S. telecommunication corporations, its network infrastructure allows the company to draw on data from more than 82 countries and 67 contributors.
Want to hear a story? Buckle up.
The 100-page 2017 Data Breach Digest presents 16 cyberattack scenarios written in much the same style as a thrilling crime novel — only the vignettes are based on real-world events. Each case study draws from actual cybersecurity incident investigations to describe the critical decisions made, spilt-second actions taken, and crucial lessons learned by stakeholders who found themselves caught in the middle of a breach.
The breadth of a cybercrime's reach is vastly expansive.
The overall report and the stories themselves highlight just how many stakeholders are affected by a data breach. While IT is probably the group that comes to mind first when asked who's in charge of mitigating the risk associated with a security breach, the report illustrates how the effects trickle into many different departments — both internal and external — including:
- Legal counsel
- Human resources
- Corporate communications
- Additional incident response (IR) stakeholders
Each of these teams views the breach from a different perspective and brings a unique approach to the response effort. Verizon notes that this causes each company's strategy for handling the occurrence to vary.
There isn't a textbook approach for how to respond to a data security breach. Main pillars exist, most notably: 1) stop the breach, 2) compensate victims, and 3) tighten security to avoid future incidents. But no handbook exists to explain how to best accomplish those goals, so people improvise. As the stories illustrate, this is sometimes to their benefit — and sometimes to their detriment.
Our top tale includes a terrible twist.
Of the 16 case studies, the example we found most intriguing was a bit of an unsolved mystery. Titled "Down to the Wire," the story is narrated by the company's chief information officer. In it, the company finance director approaches the CIO about a wire transfer to an unknown account he recently signed off on. He has no recollection of approving the transfer — and yet, an email exists with his name on it approving not only this transfer, but another one three days prior.
An investigation is launched and it's discovered that the perpetrator approved the wire transfers from an email address that included the CIOs full name and company domain — except it was off by one letter. So that explains the approval email. But the original request email was in fact sent from the company accountant's corporate email account — no letters missing — and the accountant claims he didn't do it.
As more information is uncovered, the accountant is proven innocent and the company is able to decipher exactly how the cyber thief circumvented security measures preventing this type of scam. The sad twist? Even though the knowledge they gained from the investigation will help to prevent future illegal wire transfers, the company was never able to recover the transferred funds. And the sum was not a small amount; the case study CIO described it as "buying a Rolls-Royce Phantom in a couple of different colors kind of money."
Prepare for crisis in times of calm.
To benefit from Verizon’s birds-eye view, take the time to read the full report. The stories offer deep insights into what worked and what didn't for real companies who suddenly found themselves the victims of cybercrime — and in the decision-paralyzing time crunch to shut it down that accompanies such an event.
By examining the cases during a time of calm, when the stakes aren't as high and time isn't of the essence, if a breach should occur you'll be better prepared to assess risk management tactics and ultimately make decisions that will most benefit your company.