So as of yesterday the eagerly awaited Data Breach Investigations Report (DBIR) was made available by Verizon. Each year we security folk look forward to the statistics provided in this report, as they help us determine where the threats facing our customers are coming from and allow us to continue to proactively defend against them.
We have seen a big shift in the statistics since 2011, and a massive increase in espionage / state sponsored attacks, in particular from China. This is due, in part, to the massive Mandiant report, which identifies just how many of the ‘APT1’ attacks are occurring. I don’t know about you, but for me, the Mandiant report blew my mind, and really changed the way I thought about the threat actors out there.
I have always preached to my clients that regardless of company type, size, monetary value etc., all companies are targets. A lot of the time attackers will target smaller companies (usually because their defences are not as strong) and use them as a launch point for attacks against other networks in order to avoid detection. I have been involved with numerous breaches / post-compromise containment scenarios over the years where I have seen this.
The latest reports show that companies are all still in the same boat, but espionage now plays a major part in data breaches, and if your company is in one of the following industries, there is a good chance that you may be targeted by APT1 or similar.
The general assumption is that these attacks only target government, military and high-profile organisations, but the DBIR confirms that this just isn’t true. Don’t underestimate the likelihood that your organisation will be a target.
The security landscape is still experiencing a lot of the standard attacks we see each year in the DBIR; however, last year saw a massive increase in both the number of companies getting hacked and the number of records exposed. The motivation may have changed, but essentially the playing field is still the same.
The Verizon team have produced a great chart breaking down who the external actors are, their actions, and what they are after:
The actions used are similar to previous years. I see them almost every day on client engagements and, unfortunately, can confirm these findings on most of them.
It has gotten to a point where all companies have to assume that they have either already been breached in some form, or will be soon, and so they need to plan accordingly. Your security hardware alone is no longer enough; you can see from the stats below the massive growth of social engineering tactics used to breach companies:
So how can you protect your company against the multitude of attacks that continue to grow? The best form of defence is penetration testing combined with staff awareness AND multiple layers of defence.
A pentest is one of the best defensive measures you can undertake: how do you know whether you are at risk if you have never been tested?
If you are interested in finding out more, Kiandra have a security breakfast event coming up on 19 June, which I believe is a must for anyone who is managing or overseeing IT (CIO, CEO, CISO, CFO, admins etc.) and needs to be aware of the types of threats out there and how to remediate them. I will be showcasing hacking techniques and demos, the underground sites, the variety of different hacking methods and remediations, statistics, and much more. If you are interested please register here.