In The one-two combo of hacking and malware struck less often this round, but definitely isnt down for the count. Filtering out the large number of physical ATM skimming incidents shows exploitation of weak and stolen credentials still standing in the ring.
According to Wade Baker, Principal Author for the Verizon Data Breach Investigation Report (DBIR), the proportion of breaches incorporating social tactics like phishing was four times higher in 2012.Credit the rise of this challenger to its widespread use in targeted espionage campaigns.
Correlated with the 14 per cent of breaches tied to insiders, privilege misuse weighs in at 13 per cent. Insider actions ranged from simple card skimming to far more complicated plots to smuggle corporate IP to competitors.
These attacks, aimed at paralyzing or disrupting systems, also have significant costs because they impair business and operations. The bottom line is that unfortunately, no organization is immune to a data breach in this day and age, said Wade Baker
The report indicated that the 52 per cent of the respondents stated hacking to be the tool for data breach, 40 per cent said incorporated malware and 35 per cent found the breaches involving physical attacks and 29 per cent said that breached occur due to leveraging social tactics.
Necessary steps to counter these breaches
The report indicated that there are a few imperative steps which can be followed to address this issue. They include:
- Eliminate unnecessary data; keep tabs on whats left
- Ensure essential controls are met; regularly check that they remain so
- Collect, analyze and share incident data to create a rich data source that can drive security program effectiveness
- Collect, analyze, and share tactical threat intelligence, especially indicators of Compromise (IOCs), that can greatly aid defense and detection
- Without deemphasizing prevention, focus on better and faster detection through a blend of people, processes, and technology
- Regularly measure things like number of compromised systems and mean time to detection in networks. Use them to drive security practices
- Evaluate the threat landscape to prioritize a treatment strategy. Dont buy into a one-size fits all approach to security
If you are a target of espionage, dont underestimate the tenacity of your adversary. Nor should you underestimate the intelligence and tools at your disposal
Take steps to better understand your threat landscape and deal with it accordingly, said Baker.
Add new comment