• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Financial Services   »   How to Avoid Being the Next JPMorgan: Analyzing a Decade of Breaches

How to Avoid Being the Next JPMorgan: Analyzing a Decade of Breaches

  • Posted on:November 18, 2015
  • Posted in:Financial Services, Security
  • Posted by:
    Jon Clay (Global Threat Communications)
0

If the astonishing revelations over a multi-year cyber-attack campaign against JPMorgan and others teach us nothing else, it’s that even the country’s largest financial institutions are still vulnerable to hackers. In the region of 100 million customers are said to have had their information stolen, and many more all over the US and the beyond will no doubt be wondering if they’ll be next. It might not be surprising, given the kind of information that financial institutions hold, that they are a target for hackers.

But it may come as a surprise to learn that this isn’t the most targeted industry in the US. In fact, it only accounted for 10 percent of data breaches recorded over the past decade, according to new research from Trend Micro. And it wasn’t even in the top three when it came to ID theft.

The truth about breaches

To uncover the truth about data breach trends over the past 10 years, Trend Micro analysed data from non-profit Privacy Rights Clearinghouse from 2005-2015 to compile two companion Follow the Data reports. Only by looking in depth over this kind of timeframe can we begin to deduce patterns and trends accurately enough. We found that retail was by far the most heavily hit industry, accounting for 47.8 percent of disclosed breaches over the period. The financial industry came a distant second with 10.2 percent, followed by healthcare (5.5%).

In fact, Trend Micro analysis revealed that, like government organizations, the financial industry followed a very clear pattern with its breaches. A major spike one year (2006, 2010) followed by several years of decline. It’s likely that these years of declining breach volumes came as the industry implemented new policies, protocols and procedures following a major shock to the system.

Now, 10 percent still equates to a sizeable number of breaches, of course, and we must remember that this is only an analysis of those recorded incidents – there could be more we don’t know about. The type of data these institutions typically store is highly sought after by hackers. It can be quickly and easily monetized – typically to create counterfeit credit cards, pay bills, commit fraud, and transfer money out of victims’ bank accounts. Moreover, unlike other industries where one or two specific breach methods are favored by attackers, incidents involving loss or theft, hacking or malware, insider threats and unintended disclosures are pretty evenly spread over the decade. But while there’s been a decline in loss or theft – perhaps highlighting the positive effect of those new policies and procedures – hacking, malware and insider threats increased.

The message for financial institutions then is clear, as backed up by recent well publicized cyberattacks: continue to invest in new ways to combat attacks that will surely come.

A multi-layered response

So that’s where we stand in 2015. And with hacking techniques getting ever more sophisticated and covert, financial organizations need to be on the top of their game when it comes to cyber security. So where should investments be targeted?

There is no one-size-fits-all answer to this: CISOs will need to craft their own response according to their organizations’ risk appetite and the kind of data they hold. But a multi-layered approach involving the following is a good place to start:

Advanced protection against targeted attacks and APTs: Should include advanced, custom sandboxing capabilities to stop and block spear phishing emails. Trend Micro’s Deep Discovery is an industry leading option.

Cloud and Data Center Protection: You need a complete set of capabilities including anti-malware, log inspection, intrusion prevention, virtual patching, host firewall, and integrity monitoring. Trend Micro’s award-winning Deep Security keeps data safe, prevents business disruptions and accelerates cloud ROI.

Integrated DLP: Avoid unintended disclosures and the impact of lost devices with comprehensive data loss prevention across your IT environment.

Endpoint Encryption: Encrypting data on PCs, Macs, DVDs, USBs and other endpoint devices locks down risk and helps financial organizations meet compliance requirements.

Click here to read Trend Micro’s two reports: Follow the Data: Dissecting Data Breaches and Debunking the Myths and Follow the Data: Analyzing Breaches by Industry.

Please add your thoughts in the comments below or follow me on Twitter; @jonlclay.

Related posts:

  1. Is My Data at Risk? Analyzing the Past Decade of Breaches
  2. The Trouble With Retail: Analyzing a Decade of Data Breaches
  3. Picking Apart a Decade of Breaches: The Top 5 Breached Industries
  4. A decade of breaches: Myths versus facts

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Fujitsu and Trend Micro Demonstrate Solution To Secure Private 5G
  • Trend Micro Receives 5-Star Rating in 2021 CRN® Partner Program Guide
  • Smart Factory Cyber Attacks Knock Out Production for Days
  • Eliminate Hesitations: Security Simplified For Those Building In The Cloud
  • Nuffield Health Depends on Managed XDR with Trend Micro Vision One
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.