A Blog by Jonathan Low

 

Mar 24, 2012

Biggest Threat to Corporate Networks in 2011? Hacktivists, Not Cybercriminals

So much for the Chinese Army and Russian gangs for now.

Research from US telecom giant Verizon says that Anonymous and others with a political rather than criminal agenda were responsible for the bulk of corporate network break-ins and data thefts in 2011.

One lesson is that preparing to fight an opponent who thinks and acts like you may well be a sign that you are missing the real threat. Another implication is that the corporate defenses currently in place may be woefully off point. Think Singapore in 1941: all the big guns in that doomed British colony were pointed out to sea, which is where the British, with their vast navy, thought the threat would be. So the invading Japanese landed to the north in what is now Malaysia and attacked from the landward side. Game over. JL

Carolyn Marsan reports in Network World (hat tip Naked Capitalism blog):
Hacktivists - not cybercriminals - were responsible for the majority of personal data stolen from corporate and government networks during 2011, according to a new report from Verizon.

The Verizon 2012 Data Breach Investigation Report found that 58% of data stolen in 2011 was the result of hacktivism, which involves computer break-ins for political rather than commercial gain. In previous years, most hacking was carried out by criminals, Verizon said.
Altogether, Verizon examined 855 cybersecurity incidents worldwide that involved 174 million compromised records. This is the largest data set that Verizon has ever examined, thanks to its cooperation with law enforcement groups including the U.S. Secret Service, the Dutch National High Tech Crime Unit and police forces from Australia, Ireland and London.

Outsiders - rather than rogue employees - were responsible for 98% of the data breaches examined by Verizon last year.

"Activist groups created their fair share of misery and mayhem last year...They stole more data than any other group," the report said. "Their entrance onto the stage also served to change the landscape somewhat with regard to the motivations behind breaches. While good old-fashioned greed and avarice were still the prime movers, ideological dissent and schadenfreude took a more prominent role across the caseload."

As in previous years, Verizon has found that most cyberattacks were avoidable if network managers followed best practices for information security. Verizon said that 96% of attacks were "not highly difficult," and 97% of attacks were avoidable through "simple or intermediate controls."

"The large majority of these attacks were not highly sophisticated," said Chris Novak, managing principal on Verizon's data breach investigation response team. "A lot of what we're talking about is known vulnerabilities, like weak passwords. But knowing something is wrong and doing something about it are two different things. I know I'm supposed to eat well and exercise, but I don't always do it."

One of the biggest threats to organizations with more than 1,000 employees was phishing attacks and other scams that involved tricking employees into infecting their systems with malware. These organizations also were more likely to have stolen passwords and physical break-ins to data centers than smaller employers.

Once a corporate network has been penetrated by hacktivists or cybercriminals, it takes a long time for network managers to figure out, Verizon said. It took weeks or months to discover 85% of the security breaches in 2011, and 92% of these breaches were discovered by a third party rather than the company's IT staff.

"One of the most stark things in this data is that once the bad guys get in your network, they were there for weeks or months or years," Novak said. "The fact that they can do some serious damage is not so surprising given the timespan of these incidents."

While CIOs have been focused on securing mobile devices, particularly those owned by employees, the bigger threat is to the servers they operate. Verizon said that 94% of all data compromised last year involved servers, not endpoints.

"We've had a relatively small amount of situations regarding [Bring Your Own Device] scenarios," Novak said. "The policies around that are very, very strict in most organizations. With mobile device management software, there is a limited ability to do damage from a stolen smartphone. The majority of devices being targeted are servers."

Similarly, few security breaches involved cloud computing applications last year.

"We're finding that the cloud in and of itself doesn't seem to be a significant threat overhead," Novak said. "A lot of the breaches we're seeing are when something is moved to the cloud and it had a vulnerability beforehand that wasn't fixed. Generally, we're not seeing the cloud add significant risk."
