Debunking Breach Myths: Who is Stealing Your Data?

One the one hand, it’s always important to maintain a healthy skepticism when reading about the latest data breaches. Major incidents might grab the headlines, but they don’t always tell the whole story. On the other hand, cold hard facts collected over a period of 10 years offer a great opportunity for us to analyze some of the key trends, separate fact from fiction and really dig down into who’s stealing our data and why.

That’s exactly what we’ve done with our latest report – Follow the Data: Dissecting Data Breaches and Debunking Myths – which is based on publicly disclosed data breach records from 2005-15 collected by the Privacy Rights Clearinghouse (PRC). Armed with this information, we hope more Trend Micro customers will be able to fortify themselves against such breaches in the future.

Insiders vs outsiders

Cyber-attacks and data breaches as reported by mainstream media tend to focus on hackers, malware authors, shadowy state-sponsored operatives and ruthless cybercrime gangs. But this is only part of the picture. Here are some of the other causes of data breaches over the past decade:

  • Insider leak: a malicious employee with privileged access steals data
  • Loss or theft: either of portable devices, laptops etc or physical documents
  • Unintended disclosure: employee error leading to data loss
  • Payment card fraud: card data stolen using skimming devices

Our analysis shows that hacking and malware from malicious outsiders only contributed to one quarter of data breaches over the past 10 years. Although hacking incidents have been on the rise since 2010, so has the malicious insider threat. The following is a breakdown of the breach methods observed across industries within this report.

Figure 3 Breach Methods Observed (All Industries)-01

This could be for two reasons: insider leaks may not have been properly reported until 2010, or it’s simply becoming more lucrative to steal corporate data to sell.

Alert, contain, mitigate

Whatever the reason, the truth is that it can be harder defending against the actions of a malicious or negligent employee than battling an outside threat.

Here are just a few tips which should help you with alert, containment and mitigation:

  • Only allow authorized devices and software on the network
  • Continuous vulnerability assessment and remediation to stay on top of new exploits
  • Anti-malware at any incursion points in the enterprise
  • Wireless access controls to secure wireless LAN access
  • Data recovery and back-up processes/tools
  • Limit and control network ports
  • Limit admin privileges
  • Maintain and analyze audit logs to help understand and recover from attacks
  • Install data loss prevention tools
  • Invest in next-gen data breach detection solutions
  • Disk and device encryption in case of loss/theft
  • Develop incident response plan/infrastructure
  • Pen tests/Red Team exercises to enhance preparedness

This is by no means an exhaustive list, and not intended as a silver bullet. After all, a determined foe will always be able to breach your defenses given time. However, if you assume compromise and begin to roll-out some of these technical and non-technical measures, you stand a better chance of avoiding the worst effects of a breach.

Click here to read Trend Micro’s two reports: Follow the Data: Dissecting Data Breaches and Debunking the Myths and Follow the Data: Analyzing Breaches by Industry.



from Trend Micro Simply Security http://ift.tt/1j36ah8
via IFTTT