Protecting Your Corporate Assets

By Bob Violino

Cyber-crime is a growing threat for organizations, and the collateral damage from suffering a breach can be significant and widespread: lost revenue, diminished customer confidence, bad publicity and damage to the brand—to name a few of the potential consequences. As a result, information security is both a challenge and a priority for organizations.

Attackers are going after a variety of targets and for different reasons. According to the “2013 Data Breach Investigations Report” by the risk team at Verizon Enterprise Solutions, 37 percent of breaches affected financial organizations. However, other types of businesses are also in the line of fire: 24 percent of breaches occurred in retail environments and restaurants, and 20 percent of network intrusions involved manufacturing, transportation and utilities. IT and professional services companies are also common targets.

The Verizon report includes data covering more than 47,000 reported security incidents and 621 confirmed data breaches from the previous year, gathered from 19 global organizations including law enforcement agencies, national incident-reporting entities, research institutions and private security firms.

The modes of attack and motives of the attackers also varied, according to the report. About three-quarters of network intrusions exploited weak or stolen credentials; 52 percent used some form of hacking; 40 percent incorporated malware; 35 percent involved physical attacks; and 29 percent leveraged social tactics. Three-quarters of the attacks were driven by financial motives.

And while security experts often talk about the threat of security attacks from within organizations, the report notes that 92 percent were perpetrated by outsiders.

“Organizations should stay vigilant in their efforts to protect information and prevent data loss,” says Steve Durbin, global vice president of the Information Security Forum (ISF), a nonprofit organization in New York and London that provides guidance and best practices for information security and risk management. “Established controls—from managing employee access to monitoring network traffic and removable media—should be maintained and updated. A risk assessment should be carried out, in conjunction with the business and other functions, to determine what is essential to the organization.”

Deploying Security Strategies

Enterprises are deploying various strategies to defend against cyber-criminals. As a defense company, Raytheon in Billerica, Mass., is a critical infrastructure provider and has a responsibility to protect its operations, and “that goes beyond even our corporate responsibilities,” says Michael Daly, CTO and information security solutions director, Cyber Sciences & Technology Centers at Raytheon.

“In our unclassified computing environment, we have typical front-office and back-office information such as customer contact information, supplier data, financial information, personnel records, etc.,” Daly says. “In addition, our research and development—and all or part of many programs—operate at the classified level. All of this information is important for us to protect.”

In addition to firewalls and intrusion prevention systems, Raytheon has implemented RShield, an advanced malware detection platform that the company built. “It examines all files coming into the enterprise by email, USB or Web download inside a virtual machine farm running our standard desktop image,” Daly says. “It operates in conjunction with our insider-threat management tool, SureView, running on our desktops.”

The insider-threat tool is also tuned to look for advanced persistent threat behavior. “These tools also help us automatically extract new indicators from malware and enable rapid deployment of new signatures for our global intrusion prevention framework,” he adds.