Skip to main content

2016 Verizon DBIR points to two-factor authentication and software whitelisting (again)

(0 comments)

The Verizon DBIR 2016 is out today and this is our obiligatory blog post.  The usual caveats apply: it's a small (but growing) data set, there are reporting biases, etc, etc.

First, there's no better endorsement for two-factor authentication than the DBIR.  63% of all attacks used weak, default or stolen credentials.  It is unclear what percentage of these credentials were for administrators, but the attack maps make it clear that the most common path is phishing > malware > stolen credntials > more bad stuff, so it seems safe to assume a good percentage are admin creds.  Additionally, looking at the stolen credentials are used for exporting data and setting up command and control malware which indicates a high level of privilege. 

two-factor auth for Admins in DBIR

Source:  Verizon DBIR 2016

It will be interesting to see what if any impact PCI-DSS 3.2 will have on this pattern.   The DBIR notes that 27% of all incidents involve Payment Card Information.  Will the new PCI requirement for 2FA for admins in the cardholder environment have an impact? 

Currently unrated

Comments

There are currently no comments

New Comment

required

required (not published)

optional

Recent Posts

Archive

2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom