, ,

Profiling a Data Breach – Where Should You Spend Your Cybersecurity Resources?

In the 2014 budget request the White House sent to Congress one of the few areas to not get cut dramatically was cybersecurity. But before we pour resources into protecting our networks from cyberattacks it is important to know from where and from who these attacks are coming.

That’s where the annual Verizon 2013 Data Breach Investigations Report comes in. The report covers data breaches investigated during 2012 by the company’s RISK Team and 18 other organizations from around the globe, including national computer emergency response teams (CERTs) and law enforcement agencies. The report compiles information from over 47,000 security incidents and 621 confirmed data breaches that resulted in at least 44 million compromised records.

Stephen Brannon is a senior analyst for Verizon. He told Chris Dorobek on the DorobekINSIDER program that, “even though the majority of data breaches continue to be the result of financially motivated cybercriminal attacks, cyberespionage activities are also responsible for a significant number of data theft incidents.”

Diversified Attacks?

“You might make the argument that it there have been diversified attacks all along. But now with the clearer reporting metrics you can see it better. You are able to tease out certain threads of threats,” said Brannon. “There is no average attack model. There is not such thing as a typical attack or victim. One way to look at it is to figure out what theme applies to you, the would-be victim.”

Key Trends Based on the Attacker Motives

“We see bad guys coming from almost everywhere but there are groupings. The key is to think about who you are as the victim and that can help you identify the attacker,” said Brannon.

  1. Financially Motivated Attackers account for almost 75% of attack actions.
  2. Espionage – these are attacks that target intellectual property.
  3. Hacktivists are less prominent. But they do get a lot of attention.

No One is Safe

“A lot of people and agencies think they won’t be attacked because they don’t have valuable information. But they actually have data that for some reason people are going after. For example agencies could have personal data on citizens that could be monetized by organized crime,” said Brannon.

Time To Acknowledge a Problem

“Oftentimes the victim doesn’t know they have a problem for a long time and there is still a percentage of people that actually get notified of an attack by a third party,” said Brannon.

External vs. Internal Attacks

“Our data suggests that the alarm about insider threats may be a bit overblown. Just by the numbers of people going after data and financial information are done in large part by external actors. The nature of the internet allows people to attack from anywhere,” said Brannon.

Where are the hackers from?

“There is a pretty high correlation between the hacker’s motivation and where they are coming from,” said Brannon.

Social Attacks

“Social attacks against humans are pretty common. We tend to see those at larger better protected organizations. We see it in places like the government where attackers can’t just guess passwords. So they have to something else to get access like phishing,” said Brannon.

Recommendations

  • Take down all non-essential information.
  • Don’t discount your adversaries.
  • Know your risks.
  • Re-align security measures to your risk factors.

*All graphs are from the Verizon Data Breach Report.

Check out GovLoop’s Infographic on Cybersecurity right here!

Want More GovLoop Content? Sign Up For Email Updates

Leave a Comment

2 Comments

Leave a Reply

Henry Brown

IMO VERY Interesting quote from page 5

“Another year, another report dominated by outsiders. Another crop of readers shaking their fists and exclaiming “No—insiders are 80% of all risk!” Perhaps they’re right. But our findings consistently show—at least by sheer volume of breaches investigated by or reported to outside parties—that external actors rule.”