BreachExchange mailing list archives
The Four Adversaries After Your Data
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 2 Nov 2016 08:42:02 -0600
http://data-informed.com/the-four-adversaries-after-your-data/

Any business, regardless of industry sector or size, is vulnerable to a cyberattack. Just ask some of the well-known retailers, popular social media sites and global law firms who made news headlines regularly over the past few years. The cyber threats are vast and imminent, and organizations know they need to take action quickly as hackers continue growing in both number and sophistication.

But who are these “bad guys” after your data? It’s likely adversaries are already on your network and endpoints, poised to steal your business’ data, without your knowledge. However, what exactly are they looking for, and most importantly, how can they be blocked?

These adversaries come from a wide range of backgrounds, varying in motive and target, but they all have the same end goal – a business’ most sensitive, confidential data. Meet the four most common types of adversaries after your organization’s private information:

“Nation State”: This category of adversary is directly employed by an arm of a national government and is typically very well-funded relative to small hacktivist groups and individual cyber-criminals. These entities are motivated by economic, political, and military advantages, increasing the impact of the damage that is possible if they are successful in accessing the data they seek. Nation states are interested in data about critical infrastructure, along with trade secrets, business information and emerging technologies. This can lead to a loss of competitive advantage for the countries or organizations they target, as well as a disruption to critical infrastructure, which may wreak havoc on the general population. Media and cyber-security experts alike list China as the most prolific sponsor of nation state hacking. In an attempt to stem that tide, President Barack Obama and Chinese President Xi Jinping announced they had “reached a common understanding” to curb cyberespionage between China and the United States in September 2015.

“Cyber-Criminals”: The most common adversary thought of when discussing data theft, cyber criminals seek the immediate satisfaction of a financial payout. They typically target personal and credit information, including PII, PCI, and PHI, hoping to exploit the data for their own financial gain. For the individual or organization targeted, this can result in direct financial loss or legal issues, in the form of lawsuits and regulatory penalties. Above all, a breach caused by a cyber-criminal can cause a loss of confidence for the organization, which can be difficult to regain, especially when customer data has been compromised. One of the most worrisome aspects about cyber-criminals is their increasing levels of sophistication and organization. For example, some cyber-crime syndicates use underground call centers to guide victims through the process of Bitcoin payment and data recovery in ransomware attacks.

“Hacktivists”: If you haven’t already guessed by the name alone, hacktivists are hackers looking to influence political or social change by pressuring businesses, governments and other entities to change their practices. How do they aim to do this? By attacking the organization’s secrets and business information, including data relevant to key leaders, employees, and customers. Hacktivists take advantage of the data to disrupt normal business activities and put the focus (and media attention) on their own agenda. The target’s reputation is likely to be damaged as a result of this type of attack, which is often a long-lasting effect that extends beyond the initial loss. Arguably, the most well-known hacktivist group today is a collective known around the globe as Anonymous.

“Malicious Insiders”: Insiders are an often forgotten source of attacks, though they are arguably the most dangerous as they represent trusted employees and partners. Motivated by personal gain, professional revenge, and monetary reward, malicious insiders usually have easy access to the data they are looking to expose or monetize. This typically includes customer data, company financial and salary information, along with employee data, corporate secrets, and notable research that has yet to be released. Like most of the other adversaries detailed above, malicious insiders seek to disrupt business operations and damage the organization’s brand and reputation. In some cases they may be collaborating with cyber-criminals for personal financial gain.

Now that you’ve met the adversaries, it’s time to prepare and prevent the next cyberattack from happening. By following a few simple – but critical – steps, businesses can better position themselves to guard their sensitive data when one of the aforementioned “bad guys” attempts to infiltrate the network:

Identify Your Most Important Data Assets: All too often, organizations have no idea where this valuable data is stored and who has access to it. Businesses must know what their sensitive data is if they want to prevent it from being stolen. Simply identifying the crown jewels can feel like a daunting task, but it doesn’t have to be. Start with your most critical data — the data you know a hacker is after. Get that identified first and then move to the next organizational function.

Protect Those Data Assets: This is going to sound very basic, but once sensitive data is identified… label it. Literally mark all critical assets as “internal only” or “confidential.” There are also additional technologies that you can employ to ensure your sensitive data stays safe. From encryption to digital rights management, and persistent document tagging to policy-driven data protection, there are numerous approaches to ensure data flows freely, but only on a need-to-know basis. Implement patch management practices to ensure all security updates are installed in the latest versions of software programs and applications. This will help prevent the adversaries from exploiting common vulnerabilities as they try to infiltrate systems.

Think Like the Adversaries: Take a look at all of your business processes to determine where data theft might occur. Assess your data from an outsider’s standpoint — what would you want to steal and how would you do it? Then, set to work plugging those holes. “Threat modeling” is one of the most effective ways to ensure security.

Improve Employee Awareness: The weakest link in data defense is the employee — from the C-level executive to the intern. Add data protection to manuals and employment agreements, and train them on your policies regarding the use of confidential data. It also helps to perform regular security awareness training and invite your contractors, vendors and partners to participate, as they should be subject to your data protection policies as well.

Be Prepared if Your Data is Stolen: Have an incident response plan at the ready. Even the organizations that have their data protected can still become victims of breaches.

If your business’s data is protected properly, it won’t matter which adversaries you’re up against for the organization to remain secure. However, now is the time to rethink and prioritize cybersecurity – before falling victim to the next hack.

_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security