
Okay, so it’s that time of year again... Actually, it was a little while back, but I am just now getting into reading and trying to pass along the tidbits that others might find interesting about this year’s incarnation of the Verizon Data Breach Incident Report. For those of you unfamiliar with the report, it’s effectively one of the best resources talking about cybercrime and the ways that bad guys do bad things. Additionally, and maybe more usefully, it also breaks the information down by business vertical to address the real-world threats that the industries of Retail, Manufacturing, Healthcare, etc. are seeing out in the wild. For those of us who have been watching the security landscape for the last year, none of this is surprising. This year brings with it the same attacks and problems that we have seen in previous years, only with greater accuracy and volume. Without any additional wait, here is your FUD (security slang for Fear, Uncertainty, and Doubt) and hopefully a little bit of light at the end of the tunnel.

One of the major themes that we are continuing to see is the shift in cybercrime away from fun, grudges, and hacktivism toward a more organized and financially motivated nature. Unfortunately, this type of change is leading to a higher incidence of attacks in the retail and financial spaces. However, when it comes to the retail space, it is still more common for a website to be hit by a denial of service attack than by any other attack. Of the items listed in the report for the retail space, 209 were related to denial of service style attacks while only 19 were related to malware. Automated attacks are on the rise, with botnets at the center of hacking as well as denial of service attacks.

Another trend that we are going to look at is the rise in the number of ransomware attacks. There’s no denying that the rise in ransomware over the last couple of years has been due to the availability of simple technology (including the building of ransomware kits), the low risk of getting caught, and its profitability. The number one entry point for ransomware into the business remains human beings. The nature of these attacks is such that individuals caught in phishing schemes are enticed to download applications to the computer. The report states that around 7% of people inside an organization of 30 or more people will fall victim to the lure of a phisher, and of that set 15% would do it again. This is the reason that more emphasis needs to be placed on the adoption of security training to spot and avoid phishing attacks. Developing a culture of “seeing something and saying something” is pivotal in finding and ending these types of attacks. The unfortunate side effect of not stopping these attacks, as indicated by the report, is the exfiltration of company secrets and client credentials. The main saving grace here is that one in 5 users will report a suspicious-looking email if they are trained properly, which closes the window on the amount of time involved in an attack. With the rise that we have seen in the first couple of months of 2017, including several newsworthy stories, it doesn’t appear that the threat of ransomware is going anywhere any time soon.

In the public sector we’re starting to see an increase in the number of state-affiliated actors (accounting for almost 50%) that are going after secrets held at all levels of the public sector. The biggest problem in this space seems to be that the time between the initial infection and the point where the attack is caught is still measured in years, versus days or months for the retail sector. Of the incidents that were reported in the incident report, 60% took longer than a year to be discovered. In these particular instances, knowing the threat that your organization is faced with can go a long way to reducing your susceptibility to attack. It appears in many ways that the public sector is more like manufacturing when it comes to the nature of how they are being targeted, specifically in that they are being targeted more by nation-state actors. Again, in this instance the human being is the main entry point for any attack.

Information businesses are still a major target on the internet, and once you get past the deluge of denial of service attacks, you find that the hacking of web-based applications by botnets is still a very real threat. Once malicious botnets target your site, they perform the following actions: using or accessing stolen credentials, using a backdoor or command and control script, installing spyware or keyloggers, phishing, or exfiltrating data. If there are two things that you’re looking to do this year to improve the security of your information-based website, they should be to implement two-factor authentication and to build a plan for dealing with denial of service attacks. As an administrator or user, you should know that the majority of usernames and passwords stolen from sites are used in attacks against financial organizations, relying on users who reuse passwords on multiple sites.

In the end there is good news, and this should be hopeful: with attention and training, many of these points can get smaller. The bad guys can't necessarily be stopped entirely, but it is possible to avoid being an easy target. Proper planning, protection of assets, and adequate, consistent training of the staff can go a long way to protecting the business.
