The biggest network threat in today's enterprise is likely sitting at a desk within the enterprise and, despite all warnings and guidance from the IT department, is usually the one opening the door to the corporate network for hackers with just one click of the mouse.
Yes, the human factor and stupidity in opening and clicking on emails and attachments without a second thought is the top security vulnerability companies are facing, according to an annual data breach report issued by Verizon.
"How long do you suppose you have until the first message in the campaign is clicked?" states the report in describing how phishing, which is the art of tricking unsuspecting PC users into clicking on dangerous emails and links, is the top data breach strategy. "Not long at all, with the median time-to-first-click coming in at one minute, 22 seconds across all campaigns. With users taking the bait this quickly, the hard reality is that you don't have time on your side when it comes to detecting and reacting to phishing events."
There seems to be lots of clicking happening, with 79,790 data breach incidents and 2,122 confirmed breaches worldwide, states the report, which reveals that 23 percent of recipients of phishing emails open them and 11 percent then click on the attachment.
The eighth annual report assesses breach data from a wide range of sources, including Verizon's forensics response efforts for customers and cases handled by law enforcement agencies. This year's report reviewed information contributed by 70 different organizations.
Phishing, like every other data breach approach, is on the rise and hacking attacks are getting more sophisticated each year.
If a breach is detected quickly, within days or even a week, there is some capability to shut down the attack and limit the damage. But as the report reveals, the time between an attack and the discovery of a breach is often months, and the average cyber-based espionage incident can go on for over a year, about 458 days, before it is uncovered.
"Unfortunately, the proportion of breaches discovered within days still falls well below that of time to compromise," states the report.
Aside from phishing, hackers have a few other ways of breaking into systems and networks, as the report notes. Big favorites for hackers are Web application attacks and denial-of-service attacks. Organized crime, though, goes mostly for crimeware and Web application attacks.