Intel Security CTO Shares Insights on 2014 DBIR
by Mike Fey
At Intel Security, we believe the Innovation Economy relies on security for organizations and individuals to innovate and execute through technology. For example, the entrepreneur in his garage can't bring new disruptive ideas to life without the ability to securely develop and protect his intellectual property. The bio tech researcher can't bring her innovative new wonder drug to market if her organization can't protect trade secrets and data processes necessary for business execution.
When a factory burns down, public companies are required to report the loss. When a company is the victim of a consumer data breach, notification laws take the events public. But the lack of incentives to disclose information on cyberespionage attacks typically obscures their scale, severity and organizational implications.
Verizon's release of its 2014 Data Breach Investigations Report (DBIR) provides valuable insight into the current state and scale of cyberespionage. By growing the number of DBIR contributors, Verizon is providing a more detailed view into this least understood area of cybercrime.
One in five breaches is espionage
The report found that 22 percent of breaches fell into the cyberespionage category. This affirms the concern of many IT professionals that cyberespionage could be the “crime of the century” that nobody is discussing. While we are just beginning to quantify the cost of such criminal activity, the extent of the activity and its implications for wealth and jobs should be recognized and taken seriously at the organizational, industry, national and global levels. I know personally from our own analysis of operations (Shady Rat, Aurora, etc.) that these attacks are serious and financially alarming.
Industries, assets under attack
The most popular espionage victims were in the public, professional services (law firms, investment banks, accounting and tax services), manufacturing, transportation and mining sectors, but any organization can learn from the types of assets that are targeted. Public agencies certainly hold sensitive diplomatic, military and economic information. Manufacturing has design, intellectual property and production process information that could be very useful to competitors. Billions of dollars are at stake in efforts to protect location and quantity data on oil, natural gas, copper and other resources. Professional services organizations possess accounting, research, regulatory audit and legal information on organizations in every sector.
Whether product designs, a vaccine, business plans, contracts, financial books, oil reserve reports or customer and partner information, knowing what your organization needs to protect most is the first critical step in developing the right security strategy. As a leader and practitioner, start by playing hacker yourself and reviewing the “Three R's” with your executive teams: ask how someone could get Rich off of us, how someone could Ruin us, and with what Regulations we must comply.
Time to discovery
The research showed that breaches were discovered in days or less only about 25 percent of the time, which is worse than what was reported in 2013. Moreover, espionage attacks tended to use a wider variety of tactics and technologies than other attacks. Operation Troy, discovered by McAfee Labs in 2013, was a four-year espionage campaign targeting South Korean and U.S. military networks in Asia. Troy used advanced evasion techniques to avoid detection by native anti-virus and firewall defenses. Its malware could scan system files for military terms and names, then encrypt the compromised information and transmit it through a covert network inside the victims' own enterprise networks.
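The Troy behaviour described above, a process sweeping documents across several users' folders and then connecting out, is one pattern defenders can hunt for in endpoint telemetry to shorten time to discovery. The following is an added example written for this article, not code from the post or from McAfee Labs; the event tuple format, the thresholds (20 documents, two user directories, a ten-minute window) and the sample records are all constructed assumptions, and real telemetry would need its own parser.

```python
"""Hunting heuristic: bulk document reads across user folders followed by an
outbound connection from the same process. Constructed example for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath  # parses Windows paths on any host OS

DOC_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".txt"}
READ_THRESHOLD = 20            # assumed: distinct documents in one burst
MIN_USER_DIRS = 2              # assumed: user apps rarely sweep several users' folders
WINDOW = timedelta(minutes=10)  # assumed: burst length and read-to-connect gap


def build_sample_events():
    """Constructed telemetry: (timestamp, host, pid, event, detail).
    pid 4021 sweeps two users' Documents folders then connects out;
    pid 1200 is a benign editor opening three files before a normal connection."""
    base = datetime(2014, 5, 1, 9, 0, 0)
    events = []
    for i in range(24):
        user = "alice" if i % 2 == 0 else "bob"
        events.append((base + timedelta(seconds=i), "ws-17", 4021, "file_read",
                       rf"C:\Users\{user}\Documents\report_{i}.docx"))
    events.append((base + timedelta(seconds=40), "ws-17", 4021, "net_connect",
                   "203.0.113.7:443"))  # TEST-NET address, constructed
    for i in range(3):
        events.append((base + timedelta(minutes=1, seconds=i), "ws-17", 1200, "file_read",
                       rf"C:\Users\alice\Documents\memo_{i}.docx"))
    events.append((base + timedelta(minutes=2), "ws-17", 1200, "net_connect",
                   "198.51.100.2:443"))
    return events


def is_document(path):
    return ntpath.splitext(path)[1].lower() in DOC_EXTENSIONS


def user_dir(path):
    """Return the user name from a C:\\Users\\<name>\\... path, else None."""
    parts = path.split("\\")
    if len(parts) > 2 and parts[1].lower() == "users":
        return parts[2].lower()
    return None


def find_harvest_then_connect(events, threshold=READ_THRESHOLD,
                              min_users=MIN_USER_DIRS, window=WINDOW):
    """Return one alert per process that reads >= threshold distinct documents
    spanning >= min_users user folders inside `window`, then opens an outbound
    connection within `window` of the last read."""
    by_proc = defaultdict(list)
    for ev in events:
        by_proc[(ev[1], ev[2])].append(ev)

    alerts = []
    for (host, pid), evs in by_proc.items():
        evs.sort(key=lambda e: e[0])
        reads = [e for e in evs if e[3] == "file_read" and is_document(e[4])]
        if len(reads) < threshold:
            continue
        # Slide a window over the document reads to find a qualifying burst.
        for start in range(len(reads)):
            end = start
            while end + 1 < len(reads) and reads[end + 1][0] - reads[start][0] <= window:
                end += 1
            burst = reads[start:end + 1]
            if len({e[4] for e in burst}) < threshold:
                continue
            users = {user_dir(e[4]) for e in burst} - {None}
            if len(users) < min_users:
                continue
            last_read = burst[-1][0]
            conns = [e for e in evs
                     if e[3] == "net_connect" and last_read <= e[0] <= last_read + window]
            if conns:
                alerts.append({"host": host, "pid": pid,
                               "documents": len({e[4] for e in burst}),
                               "user_dirs": sorted(users), "remote": conns[0][4]})
                break  # one alert per process is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in find_harvest_then_connect(build_sample_events()):
        print(alert)
```

The heuristic deliberately keys on behaviour (breadth of reads plus a timely outbound connection) rather than on file content, since the keyword list an espionage implant scans for is not known in advance; tune the thresholds against a baseline of your own backup and indexing processes before deploying it as a detection.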
To quickly counter the wide variety of potential attacks, organizations must use integrated and connected security: defenses must be able to detect and deflect attacks at multiple points in the enterprise, share the latest real-time attack data as incidents happen, and be kept up to date on the latest technologies and tactics through the exchange of threat intelligence with other organizations.
Editor's Note: Part two of this series will publish on Monday, May 19.