Verizon Data Breach Investigations Report


Risk Assessment – Small Businesses

Cybercrime, in the business world, is defined as a crime where a computer is the object of a crime, such as hacking, phishing, or spamming. While cybercrime encompasses a wide range of activities, these can generally be captured in two categories (Techopedia, 2017):
• Crimes targeting computer networks or devices – Examples are viruses and denial-of-service (DoS) attacks
• Crimes using computer networks to advance other criminal activities – Examples include cyberstalking, phishing and fraud or identity theft.
One of the main focuses of cyber criminals is small business. According to the 2017 Verizon Data Breach Investigations Report (DBIR), “61% of all data breach victims were businesses with under 1,000 …

 60% of small businesses go out of business within six months of an attack.
 90% of small business don’t use any data protection at all for company and customer information.
Cybersecurity experts warn that battling digital attackers have now become a part of everyday business for all organizations (Turban, Volonino & Wood, 2015).
The term ‘Layered Security’ refers to a network defense strategy, featuring multiple layers of defense, designed to slow down an attacker. For some attackers, a properly placed specific security protocol may be enough to encourage them to find an easier target. For business security, we’ll focus on 5 key layers of digital security associated with protection, detection, and remediation of events (Shenk, 2017). These can be thought of as layers of an onion, as depicted in figure 1.

Figure 1 – 5 Layer Security Model (Shenk, 2017)

Network Controls - The first line of defense is essentially network traffic monitoring, and attempted intrusion detection. Some common appliances …

However, it also has the ability to take immediate action, such as dropping a specific packet, based on rules established by the network administrator.
Antivirus – Software tool that scans multiple points within the network, such as email, file servers, workstations, and mobile devices.
Reputation – This is associated with specific file review.
Behavioral Analysis – Beyond prevention security layers, there must also be detection layers for a robust network security plan. Behavioral analysis involves flagging of unusual traffic behaviors.
Remediation – Once a malicious event is detected, it is critical that you have the ability to quickly resolve it before it gets more deeply embedded, or is able to begin sending sensitive data outbound.
Human Factors and Social Engineering - Unfortunately, some of the best hacker approaches involve circumventing the network via user actions. An example is a user clicking on a link embedded within a phishing email, or visiting a malicious website. Users falling for too-good-to-be-true offers, or offers looking like legitimate business
