One of the more interesting trends of data security has been the continued globalization of cybercriminal strategies targeting American firms. The Verizon 2013 Data Breach Investigations Report showed that companies of all sizes should improve their security if they have yet to do so, and one critical area with which to start is the authentication process, as the report showed 67 percent of network intrusions resulted from weak or stolen credentials.
Knowing that these external threats are coming is key for businesses, as the report showed 92 percent of cyber attacks were by external parties while a mere 14 percent were from an insider. Companies could experience both, so it was noted that this number does not have to add up to 100 percent. Fifty-five percent of attacks were carried out by organized crime syndicates, where spam, identity theft, payment fraud and other strategies were employed.
"The two big reasons for the dominance of external actors are their numerical advantage and greater attack scalability," the report stated. "An organization will always have more outsiders than insiders, and the Internet connects criminals to a virtually limitless host of potential victims."
While most would think organized crime would factor in primarily with large companies, the Verizon report showed that 57 percent of attacks on small businesses fell into this category, distantly followed by 20 percent coming from state-sponsored hackers. For large companies, 49 percent of attacks came from organized crime with 24 percent government-affiliated. The primary incentive for these crime syndicates to attack is money, the report said, as there are now more economic and social activities online and a richer amount of data that can be stolen and converted into cash for these criminals.
Organized cybercrime targeting industries such as food, retail and finance tends to come from Eastern Europe and North America, according to Verizon analysts. Attacks can include malware used for spying, brute-force hacking and even physically tampering with databases, desktops and ATMs to get what they want. State-affiliated attacks are expanding as well, with the report saying these attackers are using espionage campaigns to target data to help military interests, find insider secrets and acquire source code. Only 2 percent of attacks come from hacktivists, even though many may think of this as a bigger issue now due to how much mainstream attention it receives.
Securing data for a better future
Verizon executive vice president Randal S. Milch wrote in a guest post on The Hill that Congress must play a key role in helping to improve the nation's cybersecurity posture. One suggestion he had was to start sharing threat information between federal agencies and communications companies which can help find threats earlier and prevent them before they really hurt companies or government bodies, which is essentially the basis of the CISPA bill.
"As we continue to work to find the best solutions to ensure the best cyber security in the middle of this fast‐moving technological war, we must avoid regulatory mandates that will quickly become obsolete and potentially hinder the ability of high tech companies and broadband providers to innovate and coordinate to defeat ever-evolving cyber threats," he wrote. "These companies must maintain the flexibility to deploy new technologies in real-time to secure networks and to protect customers."
Milch believes that having a strong partnership between the public and private sectors will bring forth a more secure era of online communication and data sharing, thereby helping the company grow economically. This brand of data security will take teamwork, he said, but he believes that as more realize how important securing the cyber world is, the easier it will get to come together and do as such.
Data Security News from SimplySecurity.com by Trend Micro.