Event anomalies can be an indicator of attack, but quite commonly they are just an IT problem…
The Incident Response Report published today by F-Secure, which summarises its own investigations, sheds light on both attack methodologies and corporate attack reporting. Email inboxes, via the dual whammy of phishing and malicious attachments, are the most common source of breaches (34 percent combined). The single biggest attack source was the exploitation of Internet-facing service vulnerabilities (21 percent). Neither statistic is exactly surprising, to be honest.
That 13 percent of the reported incidents investigated by F-Secure turned out to be false alarms is, perhaps, more so.
The number of such false alarms certainly took Tom Van de Wiele, F-Secure’s principal security consultant, by surprise, and it reveals an enterprise struggle with detecting what is and isn’t an attack. “Sometimes we’ll investigate and discover an IT problem rather than an attack,” Van de Wiele says, “which drains resources and distracts everyone from dealing with the real issue.”