FORTUNE -- It's that time of year again: Spring is in the air, Monarch butterflies are traveling north, and Verizon's (VZ) data breach report is making the rounds, freaking out already freaked-out chief information security officers around the globe.
The annual report compiles and analyzes more than 63,000 security incidents (as well as 1,300 confirmed data breaches) from about 50 companies worldwide. This year's 60-page document identified nine main patterns of attack, including point-of-sale intrusions, denial-of-service attacks and acts of cyberespionage. According to Verizon, 94% of all security incidents in 2013 can be traced to these nine basic categories.
(As for the other 6% of threats facing corporate America, well, ignorance is bliss, right?)
Here, our summary of the most pressing security threats for major companies:
Hands down, this is the most common type of data breach. According to Verizon's report, web applications remain the "proverbial punching bag of the Internet." How do the bad guys do it? Phishing techniques, installing malware, and, yes, correctly guessing the name of your first stuffed animal, your oldest cousin's eye color and your nickname in sixth grade. There are ways to better protect Internet-facing applications, Verizon insists, and it starts with two-factor authentication.
Incidents of unauthorized network or system access linked to state-affiliated actors have tripled -- that's right, tripled -- over the last year. Espionage exhibits a wider variety of "threat actions" than any other attack pattern, Verizon says, which means that once intruders gain access, they're making themselves comfortable and partaking in all sorts of activities, from scanning networks to exporting data. Verizon warns that we can't keep blaming China, though -- at least not just China. About 21% of reported incidents are now being instigated from Eastern Europe.
Given the recent high-profile Target (TGT) breach, in which hackers gained access to the credit card numbers of some 40 million customers, this may seem like the attack pattern du jour. But Verizon claims point-of-sale intrusions have actually been trending down over the last several years. "Recent highly publicized breaches of several large retailers have brought POS compromises to the forefront," the report's authors write. "But at the risk of getting all security-hipster on you -- we've been talking about this for years." Still, retailers and hotel companies in particular need to be concerned about this kind of attack. It only takes one massive point-of-sale intrusion to scare away customers and investors -- just ask Target.
Skimming mainly affects ATMs and gas pumps, and is a relatively crude form of attack that requires a skimming device to be physically added to a machine. It's hardly a new tactic, but what's different today is the way that the data from "skimmed" payment cards is collected. Before, a criminal had to retrieve the skimming device; now, a thief can remotely collect the data using Bluetooth or other wireless technologies. More modern ATMs are designed to be relatively tamper-free, but this is still a big problem in some parts of the world, such as Bulgaria and Armenia.
Not sure what falls under this category? Imagine someone akin to the rebel NSA defense contractor Edward Snowden, or pretty much any unapproved or malicious use of organizational resources. The most common examples of this are employees using forbidden devices (e.g. USB drives) or services to send intellectual property to their personal accounts -- or, more deliberately, posing as another user and sending messages aimed at getting a colleague fired. According to Verizon, many of the people committing these crimes are payment chain personnel and end users, but C-suite managers were more to blame in prior years. Bottom line: Trust no one.
This category includes any malware incident that doesn't fit into the espionage or point-of-sale buckets. The goal is always some kind of illicit activity, such as stealing users' online banking credentials. Most forms of crimeware start with web activity such as downloads or so-called drive-by infections, where a virus can be downloaded when a user unknowingly clicks on a deceptive pop-up window. What can corporations do to combat these types of attacks? Keep software such as browsers up to date.
Oops, I did it again -- as in, I sent an email containing sensitive information to the wrong recipient. That's the most common example of this kind of unintentional data disclosure. Others include accidentally posting non-public information to a company's web server or even snail-mailing documents to the wrong physical address. There's no cure for human error (other than replacing humans with computers, of course), but Verizon says corporations can implement data loss prevention software to reduce instances of sensitive files sent by email and tighten processes around posting documents to internal and external websites.
Here's a fun fact: It turns out that corporate assets like phones and laptops are stolen from corporate offices more often than from homes or vehicles. The primary cause of this type of incident? Carelessness. According to the Verizon report: "Accidents happen. People lose stuff. People steal stuff. And that's never going to change." The only thing you can change, advises the company, is to encrypt devices, back up data, and encourage employees to keep their gadgets close.
Last but not least, so-called DDoS threats include any attack aimed at compromising the availability of networks and systems. These are primarily directed at the financial, retail and public sectors. And while the motives behind shutting down corporate, consumer-facing websites remain the same -- extortion, protest, or perverse fun -- the tools at attackers' disposal have become more sophisticated and more thoughtfully named, such as "Brobot" and "itsoknoproblembro."