• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Dustin Childs
    • Rik Ferguson
    • Elisa Lippincott
    • Mark Nunnikhoven
  • Research
Home   »   Data Privacy   »   Debunking Breach Myths: Who is Stealing Your Data?

Debunking Breach Myths: Who is Stealing Your Data?

  • Posted on:October 1, 2015
  • Posted in:Data Privacy, Hacks, Security
  • Posted by:Christopher Budd (Global Threat Communications)
1

One the one hand, it’s always important to maintain a healthy skepticism when reading about the latest data breaches. Major incidents might grab the headlines, but they don’t always tell the whole story. On the other hand, cold hard facts collected over a period of 10 years offer a great opportunity for us to analyze some of the key trends, separate fact from fiction and really dig down into who’s stealing our data and why.

That’s exactly what we’ve done with our latest report – Follow the Data: Dissecting Data Breaches and Debunking Myths – which is based on publicly disclosed data breach records from 2005-15 collected by the Privacy Rights Clearinghouse (PRC). Armed with this information, we hope more Trend Micro customers will be able to fortify themselves against such breaches in the future.

Insiders vs outsiders

Cyber-attacks and data breaches as reported by mainstream media tend to focus on hackers, malware authors, shadowy state-sponsored operatives and ruthless cybercrime gangs. But this is only part of the picture. Here are some of the other causes of data breaches over the past decade:

  • Insider leak: a malicious employee with privileged access steals data
  • Loss or theft: either of portable devices, laptops etc or physical documents
  • Unintended disclosure: employee error leading to data loss
  • Payment card fraud: card data stolen using skimming devices

Our analysis shows that hacking and malware from malicious outsiders only contributed to one quarter of data breaches over the past 10 years. Although hacking incidents have been on the rise since 2010, so has the malicious insider threat. The following is a breakdown of the breach methods observed across industries within this report.

Figure 3 Breach Methods Observed (All Industries)-01

This could be for two reasons: insider leaks may not have been properly reported until 2010, or it’s simply becoming more lucrative to steal corporate data to sell.

Alert, contain, mitigate

Whatever the reason, the truth is that it can be harder defending against the actions of a malicious or negligent employee than battling an outside threat.

Here are just a few tips which should help you with alert, containment and mitigation:

  • Only allow authorized devices and software on the network
  • Continuous vulnerability assessment and remediation to stay on top of new exploits
  • Anti-malware at any incursion points in the enterprise
  • Wireless access controls to secure wireless LAN access
  • Data recovery and back-up processes/tools
  • Limit and control network ports
  • Limit admin privileges
  • Maintain and analyze audit logs to help understand and recover from attacks
  • Install data loss prevention tools
  • Invest in next-gen data breach detection solutions
  • Disk and device encryption in case of loss/theft
  • Develop incident response plan/infrastructure
  • Pen tests/Red Team exercises to enhance preparedness

This is by no means an exhaustive list, and not intended as a silver bullet. After all, a determined foe will always be able to breach your defenses given time. However, if you assume compromise and begin to roll-out some of these technical and non-technical measures, you stand a better chance of avoiding the worst effects of a breach.

Click here to read Trend Micro’s two reports: Follow the Data: Dissecting Data Breaches and Debunking the Myths and Follow the Data: Analyzing Breaches by Industry.

Related posts:

  1. Trend Micro’s Data Breach Report: “Follow the Data: Dissecting Data Breaches and Debunking Myths”
  2. Debunking the Myths Behind US Government Data Breaches
  3. Data breach reporting must be taken more seriously
  4. Picking Apart a Decade of Breaches: The Top 5 Breached Industries
  • HomeSecurityList

    Great post. appreciate the effort. Insider’s job is the worst form of data theft. In a recent video watching (which can be found in our official blog) a security camera in house was able to catch a thief browsing through the data within a house.

Security Intelligence Blog

  • New Disdain Exploit Kit Detected in the Wild
  • GhostClicker Adware is a Phantomlike Android Click Fraud
  • The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard

Featured Authors

Dustin Childs (Zero Day Initiative Communications)
Dustin Childs (Zero Day Initiative Communications)
  • The Inside Scoop on the World’s Leading Bug Bounty Program
Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Further Advances the State of Cyber Threat Information Sharing into Cyber Threat Management and Response
Elisa Lippincott (TippingPoint Global Product Marketing)
Elisa Lippincott (TippingPoint Global Product Marketing)
  • TippingPoint Threat Intelligence and Zero-Day Coverage – Week of August 14, 2017
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Amazon Macie and Deep Security
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Law of Unintended Outbreak – Who Is at Risk from Petya?

Follow Us

Trend Micro in the News

  • Level up your cybersecurity journey with CLOUDSEC 2017
  • This Week in Security News
  • TippingPoint Threat Intelligence and Zero-Day Coverage – Week of August 14, 2017

Trend Micro Blogs

  • Internet Safety for Kids
  • CounterMeasures
  • CTO Insights
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.