Debunking the Myths Behind Government Data Breaches

If you had to sum up the past couple of years’ worth of data breaches, few have caused more anger and outrage than those affecting the government. The narrative has overwhelmingly been that of Chinese state-sponsored operatives walking through poorly protected systems to get at some of our nation’s most sensitive data. The State Department, White House, NOAA, United States Postal Service and most recently the Office of Personnel Management (OPM) have all suffered hugely damaging cyber attacks. We’ve slept in well beyond the “wake-up call.”

But to get better at understanding the scale of the threat we need to analyze data over a much longer period. So that’s exactly what we’ve done in two new reports, using data from non-profit Privacy Rights Clearinghouse (PRC) charting a decade of publicly disclosed breaches.

Ups and downs

The results, charting the period 2005-14, shows that the government sector is actually trumped by healthcare (26.9%) and education (16.8%) when it comes to the top industries affected by data breaches. In fact, the sector sits in third place overall, accounting for only 15.9% of breaches over that period.

Also interesting to note is the pattern of breaches over the past decade. There will be a periodic spike in attacks in a particular year, followed by a gradual drop off in the succeeding years, before another major jump. This could be explained by the reactive nature of cyber security in the government sector: first there’s a massive increase in breaches, which precipitates new policies, protocols and procedures to deal with the issue, before a major new security hole is exploited and the whole cycle begins again.

It happened in 2006 and 2010, and although there are no official figures, it has most likely occurred again in 2015 as foreign cyber attackers use covert targeted attack techniques to infiltrate government systems.

Less surprising is the take-away from the report that personally identifiable information (PII) accounts for the vast majority (57.4%) of record types stolen in the sector. Loss of portable and stationary devices, back-up drives and the like were the biggest risk, accounting for more than 40% of breaches. Unintended disclosure of sensitive data through mistakes or negligence (26.6%) was another major problem over the period.

Hacking on the rise

There’s been a gradual decline in loss or theft incidents, which is heartening and suggests the current policies, protocols, and procedures are starting to have an effect. However, hacking and malware, although a smaller cause at 17.4%, is on the rise. Incidents such as those affecting the OPM have shown us that some government agencies are woefully unprepared to deal with the new breed of targeted covert attacks – fast becoming the new normal when it comes to government data breaches.

It’s good to see the Office of Management and Budget (OMB) launching a 30-day Cybersecurity Sprint to better protect government networks. But agencies need to think more proactively to stop advanced attacks before they have a chance to do real damage.

With that in mind, here are just a few tips for starters:

Two-factor authentication for network access Reduce number of privileged accounts and operate “least privilege” policy Improve education/awareness training to help spot spear phishing and other signs of intrusion File integrity monitoring and log inspection to spot unusual network activity IDS/IPS to shield unpatched vulnerabilities Advanced sandboxing capabilities (eg Deep Discovery) to spot and block malware in spear phishing emails Regular pen testing and cyber fire drills to test ability to respond to attacks

Click here to read Trend Micro’s two reports: Follow the Data: Dissecting Data Breaches and Debunking the Myths and Follow the Data: Analyzing Breaches by Industry.

Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.

from Trend Micro Simply Security http://ift.tt/1NQMg5M
via IFTTT