What can CXOs learn from analyzing 41,686 cybersecurity incidents?
CYBERSECURITY incidents are scary and can have significant repercussions for businesses and their leaders. Irrespective of company size, industry vertical, or geographic location, cybersecurity is a top concern among CXOs.
In isolation, each cybersecurity incident is unique.
Take the Marriott data breach, for example, where 383 million records were stolen by hackers. According to reports, 5.25 million unencrypted passport numbers, 20.3 million encrypted passport numbers, and 8.6 million encrypted credit or debit card numbers were exposed, among other records.
In a similar attack, Cathay Pacific’s team found that passport and credit card information of 9.4 million of its passengers were exposed in a data breach.
Although unique in the way each attack was orchestrated, grouping them together with others exposing the same kind of data or with those in the same (or related) industry can really help find ways to prevent future attacks.
The 2019 Verizon Data Breach Investigations Report (DBIR) published recently analyzed 41,686 such security incidents to answer five key questions for CXOs and business leaders to learn from.
# 1 | Who were the victims?
From the study, it is clear that the majority of breaches involved small business victims. About 43 percent of the incidents that the company analyzed had occurred at small businesses.
That’s not a surprising statistic, actually. In the past year or two, government bodies and private institutions have emphasized the risk that small business face because of the lack of resources and sophistication when it comes to protecting themselves in cyberspace.
“The quantity and sophistication of cyber threats to banks are rising significantly. We’re seeing an increase in the scale of attacks,” Mastercard’s APAC’s Senior Vice President — Cyber & Intelligence Solutions Karthik Ramanathan told Tech Wire Asia recently.
It’s why the company designed a tool to help small businesses prevent cyberattacks in partnership with the Global Cyber Alliance (GCA).
The study also emphasized that 16 percent of the breaches happened in the public sector, 15 percent in healthcare organizations, and 10 percent involved the financial services industry.
# 2 | What tactics were utilized?
An important fact that the report revealed was that not all breaches involved hacking.
Almost half of the breaches (48 percent) involved other methods such as social attacks (33 percent) and malware (28 percent).
This is a critical finding because it emphasizes the fact that employees need better training when it comes to understanding the risks that their actions expose the organizations to, the right ways to protect themselves online, and best practices to ensure the safety and security of the organization.
While four percent of cyber attacks involved physical actions, 15 percent were cases where an authorized user misused their credentials. Of the remaining, 21 percent of breaches involved errors that were causal events.
# 3 | Who was behind the breaches?
Of all the breaches studied by the team, 69 percent were perpetrated by outsiders and 34 percent involved internal actors.
This is a critical insight that all organizations must really pay attention to. While the breaches led by outsiders isn’t something unusual, the one-third that are perpetuated by internal actors is a key concern.
According to experts, a large proportion of breaches by internal actors can be avoided by simply following better identity and access management (IAM) guidelines and using stronger controls.
Some of the things that organizations can immediately do is make sure that the credentials of those leaving the organization are immediately invalidated upon exit, access is granted on a needs basis and monitored periodically to ensure that access to applications is only provided to those that need it.
# 4 | What are some of the common themes behind the breaches?
Common themes behind breaches help understand what motivates those who commit the crime and how they went about executing it.
According to the study, 71 percent of breaches were financially motivated while 25 percent of breaches were motivated by the gain of strategic advantages (including corporate espionage).
In terms of how the breaches were executed, it seems that phishing and identity theft are still quite popular in the world of cybercrime.
The report found that 32 percent of breaches involved phishing and 29 percent of breaches involved the use of stolen credentials.
Again, this proves the importance of ensuring that employees are trained appropriately to understand the repercussions of opening suspicious emails and plugging in USB drives into the corporate network without scanning them first.
“For truly effective security awareness programs capable of changing the culture of a company to become more cyber-aware, organizations require full-time, dedicated resources with skills in marketing and communications,” Wall Street Journal (WSJ) Pro Cybersecurity Research Director Rob Sloan told Tech Wire Asia recently.
# 5 | What are the top threat action varieties in breaches?
Evaluating the top threat action varieties reveal what exactly do hackers do when they want to breach an organization.
According to the study, phishing and the use of stolen credentials are some of the prominent things that are spotted.
The next group of most prominent methods includes the installation and subsequent use of backdoor or Command and Control (C2) malware. These tactics have historically been common facets of data breaches and based on data collected by the reporting team, there is still much success to be had there.
The next two are privilege abuse and spyware/keylogging — both of which can be remedied if organizations take proper actions now, using stronger IAM solutions and more intensive and inclusive training around cybersecurity.