Security Is Falling Short When It Comes To Dealing With Growing Cyber Attacks

The total number of network breaches is on the rise, although data loss from cyber attacks has decreased significantly. Customer records continue to be a primary target for attackers, comprising 89% of breached data investigated.

Esther Shein

February 10, 2012


The total number of network breaches is on the rise, although data loss from cyber attacks has decreased significantly, according to two new security studies. Verizon's 2011 Data Breach Investigations Report finds that while data losses declined in 2010, the total number of breaches was "higher than ever." The second study, the Trustwave Global Security Report, analyzed data breach investigations in 2011 and found that customer records continue to be a primary target for attackers, comprising 89% of breached data investigated.

According to Michael Davis, CEO of Chicago-based security consulting firm Savid Technologies and author of the new InformationWeek Report "How to Pick Endpoint Protection," malware was by far the most common reason for security breaches suffered by respondents to the InformationWeek 2011 Strategic Security Survey. He says they routinely see users dismiss a security prompt or choose to execute a program (which turns out to be malicious) because they are irritated at being interrupted or don't understand the consequences of their actions.

The number of compromised records involved in data breaches investigated by Verizon and the U.S. Secret Service decreased from 144 million in 2009 to only 4 million in 2010, representing the lowest volume of data loss since the report's launch in 2008, Verizon says. By contrast, its report covers about 760 data breaches, which Verizon says is the largest caseload to date. Wade Baker, director, research and intelligence, at Verizon Enterprise Solutions, says that was the most surprising finding. "To go from 385 million in 2008 to less than 4 million a couple of years later is a pretty dramatic decline," he says. "That's hands-down the No. 1 thing that surprised me."

The biggest trend, according to Baker, has been the shift in tactics used by organized criminal groups. "They're really in it for the money--not to embarrass you or steal intellectual property ... They're just looking to make a buck." Organized crime groups are especially prevalent in Eastern Europe and South America, he says, and they specialize in offloading records in the black market.

Significantly, both reports found that the food, beverage, hospitality and retail verticals saw the most system breaches. Baker says there has been a decline in the number of records being stolen in the financial sector since many hackers were caught and sent to prison, which "sent a message" and changed the way they calculated risk. Hackers then began targeting smaller companies and settling for smaller batches of data, he says.

"It's very interesting--the hospital and retail standard attack is a very quick attack, where the attacker scans the internet for openings in remote access systems." He says attackers look for well-known user names and passwords that can be easily compromised. "These organizations don't have very strong security mechanisms."

The Verizon report also found that outsiders are responsible for 92% of breaches, a significant increase from the 2010 findings.

The Trustwave report found that industries with franchise and chain store models are the top targets, primarily because franchises often use the same IT systems across stores. The report notes that if a cybercriminal can compromise a system in one location, "they likely can duplicate the attack in multiple locations. More than a third of 2011 investigations occurred in a franchise business and this number is expected to rise in 2012."

Trustwave also determined that passwords remain a big problem for global businesses and that, despite well-publicized data breaches, companies continue to allow employees and system administrators to use weak passwords. The most common password businesses use is Password1, which satisfies the default Microsoft Active Directory complexity setting, Trustwave says.

In addition to the ongoing threats of malware and hacking, the financial services industry needs to be vigilant about watching for social engineering tactics, says Baker, where people are tricked and deceived and are prime targets of phishing attacks. "Criminals usually have to work harder here and try different techniques that are more ... sophisticated." Baker says he "likes to make the point [that] if you're in charge of managing security in the financial services industry, the threats most pertinent to your organization are very different from [threats geared toward] hospitals and retail, so the way you go about securing your systems needs to be different. The one-size-fits-all notion doesn't fit."

Baker says remote access applications that smaller businesses tend to use from third-party providers are very common ways for criminals to get into systems. He says 71% of all intrusions occur through remote access as the starting point for hackers to get into networks. Small businesses may not be aware this is a problem or know whether their vendors are doing a good job of securing those systems.

However, he believes that while large companies are more security-minded, they still tend not to monitor systems as closely as they should. "One of the chief problems we call out in this report is it's not really what we don't know that hurts us in the security world ... it's almost always the stuff we know about and how to handle and what to do to prevent [breaches]. But for some reason we're not doing those things."
