Business Needs to Attack Cyber Threats

Wednesday, August 4, 2010 @ 05:08 PM gHale


Businesses cannot afford to wait and react to a cyber incident; they need a more proactive approach to security in the face of increased insider threats and customized malware.
Insider threats and customized malware attacks have increased in the past year, according to the 2010 Verizon Data Breach Investigations report in partnership with the US Secret Service.
This is the first time private and commercial data have been combined in a data breach report, said Matthijs Van der Wel, head of the EMEA forensics team at Verizon Business.
The data from the financial crime investigations from the Secret Service has enabled a broader and deeper perspective on cybercrime, he said.
“Most breaches are caused by external sources, but we now see a lot more cases that involve insiders combined with social engineering that we did not see in our previous data set,” Van der Wel said.
The data also shows a hike in the use of customized malware in smaller attacks to avoid detection by anti-virus and intrusion detection software, he said.
“Detection is extremely difficult, especially when mixed with stolen credentials, which enable attackers to mimic legitimate traffic,” said Van der Wel.
The report recommends a more proactive approach to security in which businesses actively monitor log files for anomalies. A sudden increase in the size and volume of log files is usually a good indication of malicious activity, Van der Wel said.
In most cases, businesses have a small window of opportunity of about a day between the compromise and the theft of data, he said.
In cases that involve insiders, the researchers said theft often precedes a series of minor policy violations. Keeping track of minor policy violations is another way businesses can identify potentially malicious activities, Van der Wel said.
Businesses also need to move away from authentication methods that rely on usernames and passwords. Instead they should move to two- and three-factor authentication, he said.
“The time for passwords is gone because they can be captured easily by password sniffers, no matter how long and complex they are,” he said.
Key findings of the 2010 report include:
• Most data breaches (69%) were caused by external sources
• Almost half of breaches (48%) involved privilege misuse
• Nearly all data is breached from servers and online applications
• Most breaches (85%) were not difficult to carry out
• Most victims (87%) missed evidence of security breaches in their log files

Recommendations for enterprises:
• Restrict and monitor privileged users
• Watch for minor policy violations
• Implement measures to stop the use of stolen credentials
• Focus on the size and volume of log files
• Share incident information with other organizations
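The "size and volume of log files" heuristic that Van der Wel describes and the report recommends, as an added example that is not from the report or this article: a spike detector over daily log line counts that compares each day with a robust median/MAD baseline of the preceding days. The sample counts, the seven-day window and the 3.5 cutoff are assumptions chosen for illustration.

```python
"""Robust spike detection over daily log volumes (constructed sample, not report data)."""
from statistics import median

# Constructed: lines written per day by one application log, 13 quiet days then a spike.
SAMPLE_DAILY_LINES = [1010, 990, 1025, 1005, 980, 1015, 1000,
                      995, 1020, 1010, 985, 1000, 1030, 6400]


def volume_spikes(counts, window=7, threshold=3.5):
    """Return [(day_index, modified_z)] for days whose volume jumps above the prior window.

    The baseline uses the median and median absolute deviation (MAD) instead of
    mean/stddev, so one earlier spike does not inflate the baseline and hide the next.
    A threshold of 3.5 is the usual modified z-score cutoff (Iglewicz and Hoaglin).
    Only increases are flagged, matching the observation in the report; a sudden drop
    (a log source going silent) deserves a separate check.
    """
    spikes = []
    for i in range(window, len(counts)):
        baseline = counts[i - window:i]
        med = median(baseline)
        mad = median(abs(x - med) for x in baseline)
        if mad == 0:
            # Perfectly flat baseline: MAD carries no information, use a ratio test.
            if med > 0 and counts[i] > 2 * med:
                spikes.append((i, float("inf")))
            continue
        z = 0.6745 * (counts[i] - med) / mad
        if z > threshold:
            spikes.append((i, round(z, 1)))
    return spikes


if __name__ == "__main__":
    for day, z in volume_spikes(SAMPLE_DAILY_LINES):
        print(f"day {day}: {SAMPLE_DAILY_LINES[day]} lines, modified z-score {z}")
```

In practice the daily counts would come from the log pipeline or from per-day sizes of rotated files, and a flagged day is a trigger to inspect the log content, not a verdict on its own.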


