Actions taken against servers and mobile devices

A report by the Aberdeen Group on full-disk and file-level encryption includes information on actions taken against servers and endpoints. An endpoint here is a laptop, mobile device, removable media, etc. Although there is nothing totally unexpected in the figures, it helps to have this type of information to show senior management where threats are coming from and to justify what is required to protect information.

The actions, from the Vocabulary for Event Recording and Incident Sharing (VERIS), are:

  • Hacking – attempts to intentionally access or harm information assets without (or exceeding) authorization by circumventing or thwarting logical security mechanisms. Includes brute force, SQL injection, cryptanalysis, denial of service attacks, etc.
  • Misuse – the use of entrusted organizational resources or privileges for any purpose or manner contrary to that which was intended. Includes administrative abuse, use policy violations, use of non-approved assets, etc.
  • Error – anything done (or left undone) incorrectly or inadvertently. Includes omissions, misconfigurations, programming errors, malfunctions, etc.
  • Malware – any malicious software, script, or code run on a device that alters its state or function without the owner’s informed consent. Examples include viruses, worms, spyware, keyloggers, backdoors, etc.
  • Social – deception, manipulation, intimidation, etc. to exploit the human element, or users, of information assets. Includes pretexting, phishing, blackmail, threats, scams, etc.
  • Physical – deliberate threats that involve proximity, possession, or force. Includes theft, tampering, snooping, sabotage, local device access, assault, etc.
  • Environmental – natural events such as earthquakes and floods, but also hazards associated with the immediate environment or infrastructure in which assets are located. The latter encompasses power failures, electrical interference, pipe leaks, and atmospheric conditions.

As you would expect, the highest figures are hacking against servers and physical actions on endpoints. Misuse is more of an issue for servers. The percentage of errors is roughly the same for both. There were 4 environmental actions against servers, none against endpoints.
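A breakdown like this can be reproduced from your own incident records once they are coded with the VERIS action categories. The following is an added example, not taken from the Aberdeen or Verizon reports: the sample incidents are constructed, and treating the "U - " (user device) and "M - " (media) asset prefixes as endpoints is an assumption based on the endpoint definition above.

```python
from collections import Counter

# The seven VERIS action categories listed above.
ACTIONS = ("hacking", "misuse", "error", "malware",
           "social", "physical", "environmental")

# Assumption: asset varieties carry a class prefix before " - "
# (S = server, U = user device, M = media); U and M count as endpoints.
ASSET_CLASS = {"S": "server", "U": "endpoint", "M": "endpoint"}

# Constructed sample incidents in VERIS-style JSON shape (not real data).
INCIDENTS = [
    {"action": {"hacking": {"variety": ["SQLi"]}},
     "asset": {"assets": [{"variety": "S - Web application"}]}},
    {"action": {"physical": {"variety": ["Theft"]}},
     "asset": {"assets": [{"variety": "U - Laptop"}]}},
    {"action": {"misuse": {"variety": ["Privilege abuse"]}},
     "asset": {"assets": [{"variety": "S - Database"}]}},
    {"action": {"error": {"variety": ["Loss"]}},
     "asset": {"assets": [{"variety": "M - Flash drive"}]}},
    {"action": {"social": {"variety": ["Phishing"]},
                "malware": {"variety": ["Backdoor"]}},
     "asset": {"assets": [{"variety": "U - Desktop"}, {"variety": "S - Mail"}]}},
    {"action": {"environmental": {"variety": ["Power failure"]}},
     "asset": {"assets": [{"variety": "S - File"}, {"variety": "S - Database"}]}},
]

def tally(incidents):
    """Count actions per asset class; an incident counts once per class it touched."""
    counts = {"server": Counter(), "endpoint": Counter()}
    for inc in incidents:
        assets = inc.get("asset", {}).get("assets", [])
        classes = {ASSET_CLASS.get(a.get("variety", "").split(" - ")[0])
                   for a in assets}
        classes.discard(None)  # people, network, "Unknown", etc. are skipped
        actions = [a for a in ACTIONS if a in inc.get("action", {})]
        for cls in classes:
            counts[cls].update(actions)
    return counts

def percentages(counter):
    """Share of each action among all actions recorded for one asset class."""
    total = sum(counter.values())
    return {a: round(100 * counter[a] / total, 1) for a in ACTIONS if counter[a]}

if __name__ == "__main__":
    for cls, counter in tally(INCIDENTS).items():
        print(cls, percentages(counter))
```

An incident with several actions, such as phishing that delivers malware, is counted under each action, so the per-class totals can exceed the number of incidents.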

[Chart: Actions taken against servers]

[Chart: Actions taken against endpoints]

Source: Aberdeen Group, "Selecting an Encryption Solution: Risks Drive the Right Tools for the Job" report. Derived from the Verizon 2015 Data Breach Investigations Report (DBIR).