According to the New Verizon 2013 Data Breach Investigation Report…
It’s still traditional assets (laptops, desktops and servers) that are most at risk — not the new web applications that you might be spending your time worrying about.
Verizon states that while the sophistication of attacks is growing, most breaches could still be easily prevented.
Keeping on top of the threat landscape is no doubt a constant challenge for many. According to Verizon, the best way to effectively prepare yourself is with hard data and expert analysis.
Who are the attackers?
Before going into who Verizon defines the attackers as being in their report, this morning oddly enough I could have almost been an attacker myself (well, it all depends on how you look at it) had I followed the directions of a text message from my children’s school district. The text message was directed towards high school students, staff and parents (though my kids are in elementary school) and said, “All high school students and staff need to read the announcement on the district web site before entering the school today.” Being that my mind thinks in terms of privacy, security and risk I immediately thought… “The school is setting themselves up for a DoS attack!” with their students, staff and parents as the attackers. Ok, I know I’m exaggerating a bit. However, it was 6:55 am when the text arrived and high school begins at 7:30 am so you can only imagine how many students, staff and their parents must have went right to the website all at the same time wondering what the reason was and especially since they needed to read the notice on the website within the next 30 minutes “before” entering the school. The unusual increased volume of traffic being directed to the school district website could have very well temporarily or indefinitely interrupted or suspended service.
Of course, the school probably did not think about that when they sent the text message and its quite possible that I was the only one who did. In the end, the school website was still accessible (although I did not attempt to view it during that limited time frame mentioned above) and the message on their website stated that there was a power outage at the school. Therefore, redirecting students/staff to enter through the main school entrance. However, this could have had a very different ending if the school website went down.
My whole point of even mentioning this incident is to show how things can happen, whether its an innocent event (as above), or due to negligence and/or accidental – its all part of living in the digital age and operating our businesses, organizations and even schools online. Besides that, according to Verizon we also have three key groups of actors who commit cyber attacks.
Each has different motivations and tactics, but the net effect of their actions is disruption, financial loss and damage to reputations.
According to Verizon, these three groups of attackers are:
1. Activists
2. Criminals
3. Spies
Activists are opportunistic but have numbers on their side. Their aim is to maximize disruption and embarrassment to their victims.
Cyber criminals are motivated by financial gain, and are more sophisticated and calculated in how they select targets. They often use more complex hacking techniques than activists. Once they’ve gained access, they take any data that might have financial value.
Spies are often state-sponsored. This group uses the most sophisticated tools to commit the most targeted attacks. They know what they want — be it intellectual property, financial data or insider information –and are relentless about getting it.
One of Verizon’s titles in the executive summary of the report asks “As long as we lock down the network we’ll be safe, won’t we?”
I beg to differ and ask, “What happens if your network is locked down and one of the three mentioned attackers gets in? Do you have an incident response plan to respond to such an event and its aftermath?” If you don’t there’s no better time than now to explore how a cyber/data breach insurance policy can help act as your incident response plan when your locks fail.