随着世界的进步, 的策略, techniques and procedures used to launch a cyberattack against an organization continue to evolve. Entirely new attack vectors seemingly appear out of nowhere; other times an old familiar, 但升级, foe rears its ugly head to have another go at the crown jewels. 随着科技的进步, it has become easier for practically anyone to research and purchase tools that essentially provide cyberattacks as a service. 跟上旧的步伐, 澳门赌场官方软件吗?, and what is old but new again can be quite a headache, 坦白地说, 是混乱的.
我们很幸运, there is a team of experts rounding up all of the latest and greatest tales of cybersecurity incidents and breaches. This annual accumulation of the latest cyberattack trend data is summarized in Verizon’s Data Breach Incident Report (DBIR). 每年, the report compiles information from cybersecurity incidents and breaches from various sources internationally to help identify common incident classification patterns that threat actors use to achieve their nefarious goals of wreaking havoc on systems and emptying bank accounts.
The incident classification patterns are groups of related incidents and breaches that encapsulate the majority of the cases highlighted by the data collected from around the world. The current incident classification patterns explain 95.8%的违规和99.Verizon研究的7%的事件. 随着时间的推移, the number of incident classification patterns has adapted to changes in attack types and the threat landscape. Where originally in 2014 there were nine incident classification patterns, today there are eight: denial of service (DoS), 滥用特权, 系统入侵, 基本的web应用程序攻击, 社会工程, 丢失和被盗资产, 各种各样的错误, 还有其他的.
在每个事件分类模式中, 可以在参与者类型上找到数据, 他们采取的行动, 他们的目标资产, attributes compromised and the timeline for discovering an attack. The DBIR highlights those patterns of attack that are prevalent each year and paints a picture of how the attack landscape is constantly changing and evolving. 今年DBIR的主要结论包括, 不令人震惊的是, that a human element was involved in 82 percent of total breaches. Misconfigurations jumped up to 14 percent of breaches, with cloud storage errors as the number one slip-up. Ransomware dominates 系统入侵 breaches at 25 percent, and a major hack of an American software developer boosted the third-party partner and software update attack vectors in 系统入侵 incidents. The data pointed to credentials and personal data atop the list of targets for the year. 最后, roughly four in five breaches can be attributed to organized crime, with external actors significantly more likely to be the attack source than internal players. When all of this historical data is brought to light and taken into consideration, organizations are able to plan for how to defend against future attacks to protect systems and keep that hard-earned money in their accounts.
When contemplating the best cyber defense strategy for your organization, consider the CMMI网络成熟度平台 从ISACA, which helps organizations build cyber resilience with the leading risk-based solution to measure, 评估和报告网络成熟度. The platform is based on globally accepted industry standards and uses sources, 比如Verizon DBIR, to constantly adapt and evolve to ensure the best practices for developing a mature cybersecurity platform are top of mind. 网络安全 experts review not only the information in the Verizon DBIR but also from various other forums and sources to gain a better understanding of current threats, attack vectors and new security technologies and methodologies. These and many other considerations are routinely evaluated, and the CMMI-CP is updated biannually to confirm the best practice recommendations are provided for organizations to mature their cybersecurity programs.
While the world continues to change around us, the CMMI-CP adapts with current trends to allow organizations to stay ahead of cybersecurity vulnerabilities and threats as they become known. The importance of flexibility in managing a cybersecurity program is paramount to success against modern threat actors. Teams and tools need to be able to adjust strategies and learn new techniques quickly to win the fight.
For more information about the CMMI-CP, visit http://25tocp.wedmexico.com/enterprise/cmmi-cybermaturity-platform.
