Verizon released a series of industry-by-industry snapshots of cybercrime aimed at helping organizations better understand the anatomy of a data breach and how to best provide protection, offer an in-depth view of the financial services, health care, retail, and hospitality sectors.
In addition, a fifth snapshot examines intellectual property theft, which has become increasingly difficult to protect against across a range of industries.
“Understanding what happens when a data breach occurs is critical to proactive prevention,” said Wade Baker, Verizon managing principal, RISK team. “Through our more targeted analysis, we are hoping to provide answers to businesses around the globe that want to protect not only their data but their reputation.”
Financial and insurance
- The financial services industry faces some unique challenges with regard to information protection. The industry’s status as a high-value target means it attracts significantly more directed and tenacious criminal attention
- Overall breaches in this sector were primarily about the money, whether targeting it directly (by accessing internal accounts and applications) or indirectly (through downstream fraud). Many of the attacks are targeted against ATMs, Web applications and employees.
- Areas for improved security include better protection of ATMs, careful monitoring of login credentials, secure application development, and training and awareness among employees.
- Most of the breaches within the health care sector fell into the small to medium business category (one to 100 employees), and outpatient care facilities such as medical and dental offices comprised the bulk of these.
- Attacks were almost entirely the work of financially motivated organized criminal groups, which typically attack smaller, low-risk targets to obtain personal and payment data for various fraud schemes.
- Most attacks involved hacking and malware and often focused on point of sale (POS) systems. However, the health care industry also needs to protect medical devices and electronic health records.
- The majority of breaches can be prevented with some small and relatively easy steps, including change in administrative passwords on all POS systems; implementing a firewall; avoiding using POS systems to browse the Web; and making certain the POS is a PCI DSS (Payment Card Industry Data Security Standard) compliant application.
- The retail industry continues to be plagued with a multitude of data breaches, much of it committed by financially motivated criminal groups that gain access through POS systems that are used to conduct daily business activities. The criminals exploit weak, guessable or default credentials via third-party remote access services.
- The most vulnerable are franchises and other small and medium-size businesses, which often lack in-house resources and expertise to manage their own security. Consequently, these businesses often rely on ill-equipped third-party vendors, which often fail to provide adequate protection; or the businesses use an out-of-the-box solution, without adequately investigating whether the solution will meet their security needs.
- In many cases, employees are involved in the breaches, either wittingly or unwittingly. It is not uncommon for an employee to click on a malicious email attachment or visit a questionable site on a company desktop, infecting the system with malware and enabling an attacker to gain access to other devices within the network.
Accommodations and Food Services
- This industry has been particularly vulnerable to data breaches, and for the past two years has had more breaches than any other industry.
- The POS systems, which are needed to process payment transactions, have proven to be easy targets for organized criminal groups.
- This industry, more so than any other, needs to emphasize preventive actions.
Intellectual Property (IP) theft
- Overall, finding and identifying the work of IP theft is highly difficult and specialized. Many of these breaches go undetected until long after the damage has been done, and it often takes quite a while to successfully contain the breach. IP attacks often include collusion between insiders and outsiders. Regular employees accounted for the largest percentage (two-thirds) of insiders. Outsiders often acted directly and maliciously, but also regularly solicited and aided insiders.
- Most of the thefts are carried out by determined adversaries who target IP as a shortcut to attaining some manner of strategic, financial, technological or related advantage. The attackers generally mix and match their methods until they find a successful combination. Many of these combinations are multiphased and multifaceted.
- With IP attacks, no single solution can guarantee protection. A common-sense, evidence-based approach is the best defense.