• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Data Privacy   »   Debunking Breach Myths: Who is Stealing Your Data?

Debunking Breach Myths: Who is Stealing Your Data?

  • Posted on:October 1, 2015
  • Posted in:Data Privacy, Hacks, Security
  • Posted by:Christopher Budd (Global Threat Communications)
1

One the one hand, it’s always important to maintain a healthy skepticism when reading about the latest data breaches. Major incidents might grab the headlines, but they don’t always tell the whole story. On the other hand, cold hard facts collected over a period of 10 years offer a great opportunity for us to analyze some of the key trends, separate fact from fiction and really dig down into who’s stealing our data and why.

That’s exactly what we’ve done with our latest report – Follow the Data: Dissecting Data Breaches and Debunking Myths – which is based on publicly disclosed data breach records from 2005-15 collected by the Privacy Rights Clearinghouse (PRC). Armed with this information, we hope more Trend Micro customers will be able to fortify themselves against such breaches in the future.

Insiders vs outsiders

Cyber-attacks and data breaches as reported by mainstream media tend to focus on hackers, malware authors, shadowy state-sponsored operatives and ruthless cybercrime gangs. But this is only part of the picture. Here are some of the other causes of data breaches over the past decade:

  • Insider leak: a malicious employee with privileged access steals data
  • Loss or theft: either of portable devices, laptops etc or physical documents
  • Unintended disclosure: employee error leading to data loss
  • Payment card fraud: card data stolen using skimming devices

Our analysis shows that hacking and malware from malicious outsiders only contributed to one quarter of data breaches over the past 10 years. Although hacking incidents have been on the rise since 2010, so has the malicious insider threat. The following is a breakdown of the breach methods observed across industries within this report.

Figure 3 Breach Methods Observed (All Industries)-01

This could be for two reasons: insider leaks may not have been properly reported until 2010, or it’s simply becoming more lucrative to steal corporate data to sell.

Alert, contain, mitigate

Whatever the reason, the truth is that it can be harder defending against the actions of a malicious or negligent employee than battling an outside threat.

Here are just a few tips which should help you with alert, containment and mitigation:

  • Only allow authorized devices and software on the network
  • Continuous vulnerability assessment and remediation to stay on top of new exploits
  • Anti-malware at any incursion points in the enterprise
  • Wireless access controls to secure wireless LAN access
  • Data recovery and back-up processes/tools
  • Limit and control network ports
  • Limit admin privileges
  • Maintain and analyze audit logs to help understand and recover from attacks
  • Install data loss prevention tools
  • Invest in next-gen data breach detection solutions
  • Disk and device encryption in case of loss/theft
  • Develop incident response plan/infrastructure
  • Pen tests/Red Team exercises to enhance preparedness

This is by no means an exhaustive list, and not intended as a silver bullet. After all, a determined foe will always be able to breach your defenses given time. However, if you assume compromise and begin to roll-out some of these technical and non-technical measures, you stand a better chance of avoiding the worst effects of a breach.

Click here to read Trend Micro’s two reports: Follow the Data: Dissecting Data Breaches and Debunking the Myths and Follow the Data: Analyzing Breaches by Industry.

Related posts:

  1. Trend Micro’s Data Breach Report: “Follow the Data: Dissecting Data Breaches and Debunking Myths”
  2. Debunking the Myths Behind US Government Data Breaches
  3. The inside job: How hackers are stealing data from within
  4. Picking Apart a Decade of Breaches: The Top 5 Breached Industries

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Fujitsu and Trend Micro Demonstrate Solution To Secure Private 5G
  • Trend Micro Receives 5-Star Rating in 2021 CRN® Partner Program Guide
  • Smart Factory Cyber Attacks Knock Out Production for Days
  • Eliminate Hesitations: Security Simplified For Those Building In The Cloud
  • Nuffield Health Depends on Managed XDR with Trend Micro Vision One
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.