Herndon, VA (PRWEB) March 07, 2013
The forthcoming release of Verizon’s 2013 Data Breach Investigations Report (DBIR) is regarded by many in cybersecurity as the industry’s own “State of the Union” address. For Herndon Virgina based ThreatSim, the 2013 Verizon DBIR is especially significant as ThreatSim was included as one of the 19 contributing data sources for the report. ThreatSim is also the first and only contributor to the Verizon DBIR to include statistics that provides insight into how organizations are victimized by phishing and which training methods are most effective in combating phishing.
The distinction is welcome by ThreatSim leadership. The company specializes in training users to be skeptical of suspicious emails, avoid clicking on suspect links, and thereby reduce the risk of data loss breaches. According to ThreatSim founder and CEO Jeff LoSapio, the report is essentially confirmation that phishing and spear phishing is the preferred weapon in in the majority of breaches.
“When you consider that last year’s report didn’t even mention phishing, our inclusion constitutes real industry enlightenment,” LoSapio explained. “Our industry has spent plenty of time and technology on dealing with the aftermath of a breach. Now, the industry as a whole is recognizing the need to invest in tactics that prevent the likelihood of those breaches in the first place. There is a better way.”
LoSapio added that Verizon’s report serves as the follow through to the APT1 report released by leading incident response firm Mandiant last month. The Mandiant report analyzed the tools, techniques, and methods of one of the world’s most effective state-sponsored cyber attack groups and has resonated through the industry as confirmation that spear phishing is the preferred initial attack vector used by sophisticate and garden-variety attackers alike.
Speaking to the value of the Verizon report, ThreatSim CTO Trevor Hawthorn noted that it is more than simply a collection of abstract anecdotes and war stories. “The Verizon DBIR is comprised of actual data from response teams from around the world,” Hawthorn said. “And the Verizon Risk Team has done a tremendous job making the data actionable. It’s presented in a way that makes it easy to analyze and mine.”
Hawthorne also reiterated the insistence that cyber security has to include user training, and not rely on technology alone. “Phishing and spear phishing are what opens the door. You can build ever higher walls, add more barbed wire, but if someone just opens the door, the strength of all of your perimeter defenses is immediately irrelevant. The Verizon 2013 Data Breach Investigations Report confirms that training end users to avoid suspect emails, attachments and links is now a necessity. And the more you do it, the more risk you reduce.”
ThreatSim delivers full-circle attack simulations designed to change user behavior and minimize the likelihood of loss due to phishing attacks. It combines user awareness training (SpearTraining™) with cutting edge network exfiltration (Xfil) simulation to create a platform that is as responsive as it is protective. To learn more about ThreatSim, visit http://www.threatsim.com.