One of the most respected publications in cybersecurity is the Verizon Data Breach Investigations Report (DBIR), analyzing over 150,000 incidents and providing a comprehensive analysis covering the 32,002 incidents and 3950 breaches that meet Verizon’s quality standards. I liked very much how they choose to represent the concept that no industry, no region, no market is excluded; using a page of differently colored squares to illustrate how wide, pervasive, and data-driven their 3950 breaches analyzed has been.

Breaches

Concerning the findings, nearly half (45%) of the breaches featured Hacking. The large majority of them have been perpetrated by external actors, which reinforces the idea that a value chain is present behind almost all hacking attempts. This evidence is also highlighted by the common denominators section, showing that 86% of breaches are financially motivated.

This same section shows that near the half (43%) of the breaches involved Web Applications. This shows the crucial importance of having a solid CI/CD pipeline where security is totally integrated as early as possible in the DevOps lifecycle.

Continue reading …

The rise of sophisticated attacks combined with the security-skills shortage have driven many organizations to go back to basics and review their processes for vulnerability and patch management. The approach is definitely a winning one, given that shrinking and managing the vulnerability surface makes it harder to target and compromise.

Assessing the attack surface requires strengthening key capabilities, such as increasing visibility across the IT landscape and improving the detection, prioritization and remediation of vulnerabilities at scale. Qualys has been boosting these capabilities for its customers over the last two decades.

Read on to learn how Qualys is addressing enterprises’ patch management challenges with integrated breach prevention that includes its new Patch Management cloud application.

Continue reading …

It’s that time of the year when Verizon updates us on the latest trends in the global threat landscape with its Data Breach Investigations Report (DBIR). The findings in this year’s report are based on data provided by more than 70 sources (including Qualys) about more than 41,000 security incidents, including more than 2,000 confirmed data breaches, across a variety of geographies (over 80 countries) and industries. A privileged observation point indeed.

While the very informative 78-page report touches on a wide range of areas,  I’ll focus on three that are particularly relevant for Qualys customers:

• Who are hackers’ preferred targets, and why
• The importance of reducing both the time it takes to discover security problems, such as vulnerabilities or breaches, and the time it takes to fix them
• How lack of visibility, human error and careless misconfigurations heighten organizations’ security risks

Read on to learn more about the evolution (or is it “EVILution”) of the threat landscape in the past year, and find out about recommended actions.

Continue reading …