Data breach report: what do we know about today’s IT security threats?
Fri, 30 Jun 2017 10:16
What are the biggest threats to your digital security? The tenth annual Data Breach Investigations Report from Verizon offers an overview of the current IT security landscape, including emerging threats and the most common causes of data breaches. While the report covers some new ground, one of the most startling aspects of the research is how many known threats continue to cause problems for organisations of all sizes.
And that brings us neatly to one of the report's key findings: you don't have to be a global conglomerate to attract the interest of cybercriminals. Many small organisations are attractive to hackers because they are less likely to have strong defences and up-to-date systems. Small companies might be more vulnerable to phishing – especially if the people in customer-facing roles have not been trained to recognise and avoid phishing efforts. Being aware of phishing is not always sufficient to resist these probes; cybercriminals are constantly evolving and are incredibly creative when it comes to producing emails that look and feel legitimate.
Many of the old threats are still causing problems. Weak passwords are a common point of entry. Organisations are still guilty of using the default passwords that come with new products and applications, and which are widely circulated online.
Initial security breaches, whether caused by phishing, weak passwords or unpatched software, are often followed up with an installation of malware. This creates a permanent backdoor that cybercriminals can then exploit in a number of ways, such as installing other malware, taking over the machine, or using the computer's processing power to support activities like denial of service (DDoS) attacks or mining crypto-currencies. Having established a backdoor, hackers may seek to extend their reach to other machines in your network. This is often an effective strategy that allows criminals to take control of large numbers of computers after making a single breach.
The type of malware known as ransomware, which involves encrypting your files until a ransom is paid, has shot up the malware charts, and is now the fifth most popular type. An example of ransomware is the WannaCry virus that crippled hundreds of NHS computers recently.
The Verizon report seeks to correct a few misconceptions about cybercriminals. In particular, they remind us that cybercriminals are rarely as sophisticated as we imagine. They may not target specific businesses; they're more likely to use a scattergun approach to look for weak spots and try to find a backdoor, either by phishing or looking for unpatched software. Most hackers are just trying to make money. They are opportunistic and will happily take data, corporate secrets, marketing lists, contact information, payment details or cash.
One danger for companies with seemingly strong defences is complacency. Your security may have prevented data breaches to date, but is your security evolving as quickly as the hackers?
Verizon point out the importance of training. "Throw your weight behind security awareness training and encourage your teams to report phishy emails." People will always be the front line when it comes to resisting attacks. Being aware of the risks – and the lengths that cybercriminals will go – is a first step towards digital security.
Other warning signs to look for are large data transfers. Does your system provide alerts when large transfers occur? Internal threats are still significant. Your organisation must also protect against disgruntled employees armed with a USB drive.
How does your organisation keep up with changing threats from cybercriminals?