Understanding Data Breaches in 2017
The current threat landscape is immensely challenging for cybersecurity professionals, who must account for a broad spectrum of risks posed by individuals outside and inside their organizations. It is not just hacking or malware that now regularly enables attacks against today’s firms: there are also the openings provided by social networks, weak passwords and basic user error, all of which are now significant causes of breaches documented in the 2017 Data Breach Investigations Report (DBIR) from Verizon.
Outsiders, not insiders: Understanding the main sources of modern cyberthreats
When we think of data breaches, we often fixate on the cybercriminals, organized groups, and state-affiliated agencies that spearhead many major attacks. This year’s DBIR confirmed that this focus is justified, with three-fourths of all breaches perpetrated by these outsiders.
While there was a slight downtick in the percentage of incidents that originated with such actors in 2016 and a corresponding uptick in ones from insiders (e.g., employees), the gap between the two remained substantial. However, insiders are still a particularly major concern within industries such as healthcare and finance, as well as in the public sector.
Certain types of attacks are closely associated with each source:
- Denial-of-service and hacking: Almost all DDoS campaigns (98 percent of them) are targeted at large organizations and carried out via botnets.
- Crimeware: Ransomware in particular has been on the rise for years. The recent WannaCrypt variant has paralyzed thousands of computers worldwide.
- Cyberespionage: More than 90 percent of these events were traceable to state actors, which frequently targeted manufacturers and professional services firms.
- Data exfiltration: Sixty percent of the insider-initiated incidents from the Verizon DBIR involved data theft with the hope of eventual monetary gain.
- Unauthorized snooping: Medical records and other forms of personally identifiable information are extremely common targets of such prying.
- Account access: Company databases and email accounts may be broken into and their contents either read or stolen.
Passwords loom large in data breaches
In 81 percent of hacking incidents, attackers exploited a weak or default password. The use of straightforward passwords such as “123456” and “admin” makes it relatively easy for outsiders to gain access to a critical system, and for insiders to escalate and misuse their privileges.
Moreover, passwords alone are simply insufficient to protect assets that are essential to an organization’s daily operations. Multi-factor authentication – the practice of requiring additional tokens to properly identify anyone requesting access to a system – is an important enhanced measure in information security management. Network segmentation is also useful, since it allows subnetworks to require their own forms of authentication, preventing a would-be attacker from gaining access to the entire network with just a single set of credentials.
Shoring up vulnerabilities to external and internal breaches
With these findings from the Verizon DBIR in mind, it is imperative that cybersecurity teams have the ability to detect and respond to a wide variety of threats. By being proactive and understanding the most common issues, they can implement the processes, tools and personnel necessary for comprehensive protection. Learn more about managed security services today to get started on a path toward safety.