Organizations need to think hard about why they might be a target of a data breach — as well as think about who their potential attackers might be if they are to keep sensitive information secure.
That’s the advice of Ajay Sood, FireEye, Inc.’s general manager for Canada, who said cybercrime’s constant evolution has meant it has moved away from just targeting financial data, such as credit card information, to more proprietary corporation information.
“Any form of intellectual property is at risk,” he said. Not only is anything that can be monetized under threat, but so is more personally identifying information (PII) and health information, noting the recent, high profile Ashley Madison breach as well as medical data exposed by Premera Blue Cross. “What could be more personal than that?”
Of course, any data is potentially valuable, acknowledged Sood, and generally falls into four buckets – political, intellectual, financial and now personal capital. And the criminals themselves are not necessarily interested in the data itself, but end up finding a way to monetize later on, he said. “Whether you think you’re target or not, your data is valuable to someone.”
The fact that it is valuable to you puts it a risk, which the rise of ransomware has shown. Cyber-criminals can lock up your data and encrypt it, forcing an individual or an organization to pay thousands of dollars to regain access to it, said Sood. “It doesn’t matter who you are. They may not be after you. They may be after the data you have access to.”
A recently published Cisco Systems Annual Security Report noted that ransomware has two main advantages to criminals: It is a low-maintenance operation, and it offers a quick path to monetization because the victims have to pay in cryptocurrencies.
Sood said a hallmark of cybercrime evolution has been complacency by design as organizations have come to rely on tools and technology, and viruses are Trojans are now see as annoyances. “Today the problem is invisible.” Users stumble across malware that provides hackers with access to systems to monetize an attack. “It’s quiet,” he said. “It surreptitious. That’s the objective of modern cybercriminals.”
FireEye’s consulting arm, Mandiant, recently released its seventh annual Mandiant M-Trends report, which found the average number of days it takes to discover a breach is 146. The report was compiled from advanced threat investigations conducted by Mandiant consultants in 2015.
Wednesday is the most popular day for “spearphishing” attacks, the report found, with 29 per cent of spearphishing emails being sent on Wednesday, compared to 20 per cent on Thursday and 10 per cent on Saturday.
Another key finding was that ransomware attacks are growing as hackers use malicious software to block access to a computer system until a ransom is paid. The amount of organizations being subject to ransomware has increased exponentially over the course of 2015, well before the high profile Hollywood Presbyterian Medical Center incident.
And just as Sood noted, many organizations are unware of a threat, as less than 10 per cent of organizations recognized an alert as an indication of ongoing threat activity and responded appropriately.
The M-Trends report delves further into several major trends it has seen developed, including what it dubs the “David v. Goliath” phenomenon of attackers disrupting businesses by destroying critical business systems, leaking confidential data, holding companies for ransom, and taunting executives. The Mandiant report said some attackers were motivated by money, while others claimed to be retaliating for political purposes or simply wanted to cause embarrassment.