The snapshot of rising cybercrime
Based on the "Verizon 2012 and 2011 Data Breach Investigations Reports", organizations can now view snapshots of how cybercrime is affecting the financial services, health care, retail and hospitality sectors.
The communications and networking company has released the profiles with the aim of allowing firms to better understand the anatomy of a data breach -- and how best to protect against them. Information protection is fast becoming an urgent issue in all of these sectors -- as well as how best to protect intellectual property (IP).
"Understanding what happens when a data breach occurs is critical to proactive prevention," said Wade Baker, Verizon managing principal, RISK team. "Through our more targeted analysis, we are hoping to provide answers to businesses around the globe that want to protect not only their data but their reputation."
So, what were the reports key findings?
In the financial sector, highly coveted as a target for hacktivism and cyberattacks, it often appeals to the higher skill set and directed attacks of hackers worldwide. Overall, breaches are about the money (no surprise there) -- either by accessing internal accounts and apps, or through downstream fraud. Many attacks focus on ATMs, web applications and servers, or employees.
Login credentials, ATM protection, secure application development and improving the security awareness of employees are the top priorities to keep data secure.
Within the healthcare industry, most data breaches were suffered by those in the SMB category. Out of these businesses with up to 100 employees, outpatient care facilities faced the most attacks. According to Verizon, most of these attacks were financially motivated, and focused on point-of-sale (POS) systems to gain personal and payment data.
In order to protect against these attacks -- generally involving hacking or malware -- it is recommended that businesses change administrative passwords often, use firewalls, and make sure POS systems are Payment Card Industry Data Security Standard complaint (PCI DSS).
It's no surprise that when it comes down to money, the retail sector is hard hit. Again, hackers often lurk where point of sale systems are involved, and it is weak, guessable or default credentials which are often exploited -- sometimes through third party systems.
The most vulnerable are franchises and SMBs, which often lack in-house resources, expertise and investment to manage top-notch security. If a retail SMB relies on ill-equipped third-party vendors or a standard commercial product without checking if its suitable to individual needs, then cyberattacks are more successful.
In many cases, human error is to blame. Clicking on a single malicious email attachment or inappropriate site can download an array of malware, and once in the network, the damage is done. By doing your research and instigating a firewall and anti-virus software, some of these scenarios can be prevented.
In the hospitality sector, more breaches have taken place in the last two years than in any other industry. POS systems are often outdated or unsecured, and businesses need to do more to upgrade as well as educate their staff
Finally, intellectual property (IP) theft appears to be the work of specialist hackers, and can go undetected long after the damage is done. Verizon believes that many cases of IP theft involve the collusion of insiders and outside parties, and most cases boil down to gaining a strategic, financial, technological or related advantage. Many attacks are multifaceted.
No single solution can contain IP theft, but a "common sense" approach is suggested -- monitoring corporate networks, keeping security protocols up-to-date, and making sure sensitive information is only released on a "need to know" basis.
Verizon's 5th DBIR report was based on 855 data breaches consisting of over 174 million compromised records.
Image credit: CNET