The Cybersecurity Playbook
2. Crimeware
Verizon uses this term to differentiate malware with functionality like command-and-control (C2), DOS, backdoor, keylogger and downloader from more specialized classification patterns such as cyber-espionage or point-of-sale (POS) intrusion. Crimeware is involved in 28.5% of incidents and 18.8% of confirmed breaches in the DBIR.
Vigilance with basic anti-virus programs goes a long way toward preventing this “in.” According to Gartner, Symantec is still the market leader on that front, followed by Intel (including the McAfee properties), IBM (which saw 17% growth in this market in a year when the market as a whole only grew 5.3%), Trend Micro and EMC.
3. Insider misuse
Once again, a threat from the inside causes major issues. Whether it’s a cashier looking to ring up some charges on a stolen credit card account, an end user looking to simplify access to sensitive information, or a developer trying to implement a time-saving workaround without considering risk, insider misuse and abuse is a big problem.
Verizon reports that two of their partners—Winston & Strawn and Mishcon de Reya-- have had great success with remedies for insider abuse. The key is to be able to collect and collate data logs of the users’ digital footprints so that the data can be analyzed and legal measures promptly pursued before further damage is done.
Solutions such as Nakina Systems’ NI-GUARDIAN are handy on this front, as they get rid of shared passwords; assign privileges by role, location and time; and give a complete “flight-recorder” log of all interactions. (Nakina scored a Pipeline Innovation Award this year because of their forward-looking security and assurance solutions.) Products with some similar functionalities exist from a number of vendors, including Accurate Always, who was a runner-up for our Innovation Award for security for its Voxida CenterSecure solution that keeps tabs on and controls permissions for help center employees and contractors.
4. Physical theft/loss
Sometimes people steal things. Sometimes those things are laptops or other hardware containing sensitive data. Encryption helps. Data masking helps. Locked doors and guard dogs help. Not much else to say about that. But these physical thefts account for 15% of incidents recorded by the DBIR.
5. Web app attacks
Now we’re starting to get into the rarer occurrences, as far as individual incidences go. Web app attacks account for just over 4% of the incidents studied by the DBIR. Organized crime was the most common perpetrator, and most of the victims were easy marks. Some 95% of the incidents involved pulling credentials from stolen consumer devices and using them to log into web apps. Two-factor authentication can cut down on this threat.
6. Denial-of-Service
Distributed denial-of-service (DDoS) attacks are still a problem. Just a few days ago (as of my writing), British service provider TalkTalk was hacked, and a DDoS attack provided the smokescreen for the serious damage. Government web services also get jammed up by DDoS attacks with some regularity, the most recent example that comes to mind being the Thai government’s website at the end of September.
This type of attack is of particular concern for Pipeline readers, as it falls on the shoulders of the CSPs. Verizon’s advice in the DBIR for its fellow CSPs is not dissimilar to my advice on the physical theft item: lock your stuff up. “Secure your services (which means knowing where your services are and how they’re configured),” the report authors recommend. “Block access to known botnet C2 servers 50 and patch your systems to help stop malware from turning your nodes into hapless automatons of doom.” They also note that anti-spoofing filters at the Internet edge can help larger providers block common amplification techniques.
7. Cyber-Espionage
Finally! The exciting stuff! International intrigue! I can just imagine roomfuls of hackers at the NSA or in China or North Korea slipping into all corners of the web.
Except that very few cyber-espionage attacks left behind any attacker-attribution of any kind, according to the DBIR. Plus these are rare, accounting for 0.8% of recorded incidents. What we do know is that the majority of these intrusions were on manufacturing (27.4%), public (20.2%), professional (13.3%), information (6.2%), and utility (3.9%) targets. Targets like financial services, healthcare and retail barely register (all under 1%). This tells us a little about who should be bringing in the big guns to protect against cyber-spies. According to the DBIR, the most commonly taken information in these intrusions were secrets (85.8%), followed by credentials (11.4%).
