The number of incidents of data breaches is firmly on the rise, according to the latest Verizon 2014 Data Breach Investigations Report (DBIR), which suggests that it is more important than ever for organisations to take a stand against cybercrimes that threaten their business.
Designed to enable a more focused and effective approach to fighting cyberthreats, the report reveals that 92% of all security incidents over a ten-year period can be traced to nine basic attack patterns that vary from industry to industry. These patterns are: miscellaneous errors such as sending an email to the wrong person; crimeware (various malware aimed at gaining control of systems); insider/privilege misuse; physical theft/loss; Web app attacks; denial of service attacks; cyberespionage; point-of-sale intrusions; and payment card skimmers.
The report, which analysed more than 1,300 confirmed data breaches as well as more than 63,000 reported security incidents across 50 organisations spanning the globe, shows that the tally of data breaches now exceeds 3,800 over the entire 10-year range of the study.
Identity theft at large
The use of stolen and/or misused credentials (user name/passwords) continues to be the number one way to gain access to information, as two thirds of breaches exploit weak or stolen passwords. The report also shows that while external attacks still outweigh insider attacks, insider attacks are up, especially with regard to stolen intellectual property. The report points out that 85% of insider and privilege-abuse attacks used the corporate LAN, and 22% took advantage of physical access.
Spies on the rise
Cyberespionage is also on the rise again in the 2014 report, with 511 incidents, a more than three-fold increase compared with the 2013 report that is partially due to a bigger dataset. China still leads as the source of the most cyberespionage activity, ahead of other regions of the world, including Eastern Europe. These attacks were found to be the most complex and diverse, with a long list of threat patterns.
Who is the target?
According to the DBIR, attackers are mainly going for payment and bank data, which they can quickly convert into cash. User credentials are also a popular target, but mainly as a gateway to other kinds of data or other systems. Reflecting the rise in espionage attacks is a growth in theft of secrets and internal data.
Who is the culprit?
The report also indicates that most attacks are perpetrated by external actors, as opposed to employees and partners—good news for HR at least. Financially motivated criminal gangs are still the dominant type of perpetrator in external attacks—although espionage appears increasingly often in the data set. Despite all the emphasis on ‘hacktivism’ in the press, ideology-driven attacks remain a very small percentage of the total.
What can HR do?
Whilst it seems that no organisation is immune to a data breach, there are strategic measures that HR can take to help combat the threat of such attacks.
Wade Baker, principal author of the Data Breach Investigations Report series, explained, “After analysing 10 years of data, we realise most organisations cannot keep up with cybercrime—and the bad guys are winning. But by applying big data analytics to security risk management, we can begin to bend the curve and combat cybercrime more effectively and strategically.”
He added, “Compounding this issue is the fact that it is taking longer to identify compromises within an organisation—often weeks or months, while penetrating an organisation can take minutes or hours.”
Tips to tackle cybercrime:
- Be vigilant. Organisations often only find out about security breaches when they get a call from the police or a customer. Log files and change management systems can give you early warning.
- Make your people your first line of defence. Teach staff about the importance of security, how to spot the signs of an attack, and what to do when they see something suspicious.
- Keep data on a ‘need to know’ basis. Limit access to the systems staff need to do their jobs. And make sure that you have processes in place to revoke access when people change role or leave.
- Patch promptly. Attackers often gain access using the simplest attack methods, ones that you could guard against simply with a well-configured IT environment and up-to-date anti-virus.
- Encrypt sensitive data. Then if data is lost or stolen, it’s much harder for a criminal to use.
- Use two-factor authentication. This won’t reduce the risk of passwords being stolen, but it can limit the damage that can be done with lost or stolen credentials.
- Don’t forget physical security. Not all data thefts happen online. Criminals will tamper with computers or payment terminals or steal boxes of printouts.