Data Breach: A Growing Menace
It is disheartening to find that in the year 2012, perhaps more so than any other year, the large scale and diverse nature of data breaches and other network attacks took centre stage; and this is extending to this year as well.
Rather than a synchronised chorus making its debut on New Year's Eve, Paul Black, APAC Regional Managing Principal for Verizon and author of Verizon's 2013 Data Breach Investigations Report (DBIR), witnessed separate, ongoing movements that seemed to come together in full crescendo throughout the year.
The 2013 DBIR also found that the proportion of incidents involving hacktivists--who act out of ideological motivations or even just for fun--held steady; but the amount of data stolen decreased, as many hacktivists shifted to other methods such as distributed denial of service (DDoS) attacks. These attacks, aimed at paralysing or disrupting systems, also have significant costs because they impair business and operations. "The bottom line is that unfortunately, no organisation is immune to a data breach in this day and age," said Wade Baker, principal author of the DBIR series. "Today, we have the tools to combat cybercrime, but it's really all about selecting the right ones and using them in the right way."
Motive for Attacks
Motives for these attacks appear equally diverse as money-minded miscreants continued to cash in on low-hanging fruit from any tree within reach. Bolder bandits took aim at better-defended targets in hopes of bigger hauls. Activist groups DoS'd and hacked under the very different, and sometimes blurred, banners of personal ideology and just-for-the-fun-of-it. In addition, as a growing list of victims shared their stories, clandestine activity attributed to state-affiliated actors stirred international intrigue.
All in all, 2012 reminded us that breaches are a multi-faceted problem, and any one-dimensional attempt to describe them failed to adequately capture their complexity.
The 2013 DBIR corroborates this and brings to bear the perspective of 19 global organisations on studying and combating data breaches in the modern world. The list of partners is not only lengthy, but also quite diverse, crossing international and public/private lines. It's an interesting mix of law enforcement agencies, incident reporting/handling entities, a research institution, and other incident response (IR)/forensic service firms.
Victims of the Attack
The authors Wade and Black find that victims in this report span restaurants, retailers, media companies, banks, utilities, engineering firms, multi-national corporations, security providers, defense contractors, government agencies, and more across the globe. A definite relationship exists between industry and attack motive, which is most likely a byproduct of the data targeted (e.g., stealing payment cards from retailers and intellectual property [IP] from manufacturers).
The report stated that 37 per cent of breaches affected financial organisations, about 24 per cent of the respondents find breaches occurring in retail environments and restaurants, 20 per cent of network intrusions involved manufacturing, transportation and utilities, 20 per cent of network intrusions hit information and professional services firms, and 38 per cent of breaches impact larger organisations across 27 countries.
Breach Perpetrators
According to Black, the main factor that spread the attacks has been from outsiders, as 92 per cent claimed that it is perpetrated by outsiders, with another crop of readers shaking their fists and exclaiming "No, insiders are 80 per cent of all risk!" Perhaps they're right. But our findings consistently show, at least by sheer volume of breaches investigated by or reported to outside parties, that external actors rule.
The pro-insider majority may see some justification in the results for all security incidents (rather than just confirmed data breaches), as insiders take the lead in that dataset.
State-affiliated actors tied to China are the biggest movers in 2012. Their efforts to steal IP comprise about one-fifth of all breaches in this dataset.
Ashish Thapar, Head - Global Consulting & Integration Services, India at Verizon Enterprise Solutions, says that Indian enterprises too are experiencing data breaches in a big way. The reason for this is that most IT heads or individuals use the same password for internal critical applications and also for social platforms such as Facebook, LinkedIn etc., which paves the way for cracking the data.
How do Breaches Occur?
The one-two combo of hacking and malware struck less often this round, but definitely isn't down for the count. Filtering out the large number of physical ATM skimming incidents shows exploitation of weak and stolen credentials still standing in the ring.
According to Wade Baker, the proportion of breaches incorporating social tactics like phishing was four times higher in 2012. Credit the rise of this challenger to its widespread use in targeted espionage campaigns.
Correlated with the 14 per cent of breaches tied to insiders, privilege misuse weighs in at 13 per cent. Insider actions ranged from simple card skimming to far more complicated plots to smuggle corporate IP to competitors.
The report indicated that 52 per cent of the respondents stated hacking to be the tool for data breach, 40 per cent said it incorporated malware and 35 per cent found the breaches involving physical attacks, while 29 per cent said that breaches occur due to leveraging social tactics.
Ashish adds, "Attacks on end user devices, mobiles, corporate network are increasing; about 54 per cent of the attacks are hitting servers. It is observed that about 60,000 login attempts are made by hackers, which indicates that someone is trying to break through the firewalls."
Necessary Steps to Counter these Breaches
The report indicated that there are a few imperative steps which can be followed to address this issue. While there is no single solution available, a methodical approach would help enterprises to protect their data. They include:
- Eliminate unnecessary data; keep tabs on what's left
- Ensure essential controls are met; regularly check that they remain so
- Collect, analyse and share incident data to create a rich data source that can drive security program effectiveness
- Collect, analyse, and share tactical threat intelligence, especially indicators of compromise (IOCs), that can greatly aid defense and detection
- Without de-emphasising prevention, focus on better and faster detection through a blend of people, processes, and technology
- Regularly measure things like number of compromised systems and mean time to detection in networks. Use them to drive security practices
- Evaluate the threat landscape to prioritise a treatment strategy. Don't buy into a one-size-fits-all approach to security
If you are a target of espionage, don't underestimate the tenacity of your adversary. Nor should you underestimate the intelligence and tools at your disposal.
"Take steps to better understand your threat landscape and deal with it accordingly," said Baker.
Parag Deodhar, Chief Risk Officer, CISO and VP-Process Excellence, Bharti Axa General Insurance Company Ltd., agrees with the findings of the report.
"I would tend to mostly agree with the report. The point which is difficult to believe is that insider threat is only 14 per cent; as in my experience, many of the incidents discovered have involvement of employees / contractors / outsourced vendors or partners," says Deodhar. "Probably organisations are wary about reporting such breaches. The methods used also seem to miss out on misuse of authority (access rights / access to confidential data)."
According to Deodhar, "Threats / breaches related to new trends like cloud / BYOD / mobility which are adding to the data breaches form a separate study by itself. Also, data breaches occurring through loss of mobile assets (laptops / tabs / mobile phones) seem to be missing in the report."
Further, "The solutions to mitigate the risks are summed up quite well. One thing which should be emphasised is awareness training across all levels of employees / partners / contractors, as people are the weakest link and must be strengthened through training," adds Deodhar.