Verizon released its 2015 Data Breach Investigations Report (DBIR) this month and extended an exclusive preview to Hospitality Upgrade including an interview with one of the authors, Jay Jacobs, the senior analyst and DBIR co-author with Verizon. HU asked Jacobs to cut through the more than 60-page report and share what this year’s investigation means to the hotel industry.
In its 10th year, the report looks at year-over-year trends. Overall, the trends did not change much from the 2014 report. New in this year’s evaluation are a formulation for the cost of a breach and a look at incidents involving mobile devices.
Understanding the Mobile Space
Infected mobile devices were very scarce. Android devices seemed to be infected more often than iOS devices, with an inference that iPhones® have better inherent security. Annoying software is the predominant type of infection seen on mobile devices, but these infections are not malicious in nature. According to the investigation, attacking mobile devices was still not the preferred method of attack.
The equivalent of less than 0.03% of mobile devices are compromised by malware each year.
Message for Hoteliers – Secure the POS
As in previous years, the top three industries affected remained public, information and financial services, with a combined 66 percent of the security incidents compiled in the report. The hospitality industry (listed in the chart as accommodations) ranked sixth overall for the number of security incidents reported. (See Figure 2 above.)
However, within the hotel industry a staggering 91 percent of the incidents reported involved a malware attack at the point of sale. Attacks on the hotel industry were overwhelmingly financially motivated. In other industries, such as healthcare, the motivation for a cyber attack is overwhelmingly to obtain personal information. When asked what the hotel industry should take away from this year’s report, without hesitation Jacobs said, “The hotel industry should focus exclusively on the point-of-sale system.”
Of the nearly 80,000 security incidents analyzed this year, the researchers pointed to nine threat patterns, a classification that has remained an effective approach to fighting cyberthreats. The nine patterns are: miscellaneous errors, such as sending an email message to the wrong person; crimeware (malware to gain control of a system); insider or privilege misuse; physical theft or loss; Web app attacks; denial of service attacks; cyber espionage; point-of-sale intrusions; and payment card skimmers.
The Cost of a Breach
In this year’s report, Verizon analysts have devised a new model that estimates the financial impact of a cyber breach and provides a prediction of the cost of a breach. In a release issued by Verizon, the analysts reported that, “The cost-per-record stolen is directly affected by the type of data and total number of records compromised.”
Mike Denning, vice president of global security for Verizon Enterprise Solutions, said, “We believe this new model for estimating the cost of a breach is groundbreaking, although there is definitely still room for refinement. We now know that it’s rarely, if ever, less expensive to suffer a breach than put the proper defense in place.”
About the Data Breach Investigations Report
The extensive 2015 report draws on 70 contributing organizations representing 61 countries and covers 79,790 security incidents. The investigative report examined 2,122 confirmed data breaches.