“There are only two kinds of companies. Those that were hacked and those that don’t yet know they were hacked.” – John Chambers, CEO, Cisco
With recent high-profile breaches at JP Morgan, Sony, Dairy Queen, and now Anthem, it’s safe to say that breaches are almost inevitable for any company. The topic of data security has gotten so big that now even president Obama has called for the building of a new cyber-intelligence center to aid in the fight against cyber terrorism. In 2014, 43 percent of businesses were hit by breaches, resulting in the loss of more than 1,000 customer records. 2015 shows no signs that the number of attacks is going down, either.
Why are so many breaches occurring?
The first thing to consider is how cybercriminals are actually hacking into companies. They use many techniques, but compromised employee credentials are a recurring theme. The latest data breach due to weak password security was at Anthem Inc., from which 80 million records were stolen.
The targeted phishing attack is a popular method of credential theft used by cyber criminals. In this kind of attack the criminal baits an employee into visiting what appears to be a legitimate corporate website but is actually a malicious reproduction created by the hacker. Employees unknowingly enter their company login credentials to sign into a fake portal. Once this occurs, the attackers steal the credentials and redirect employees back to the legitimate company-owned pages. An employee is completely oblivious to the fact that they victim of a hack. Legitimate credentials in hand, the hacker now has a starting point to nestle deep within the infrastructure and begin exfiltrating data to drop points located outside of the hacked company’s infrastructure. So difficult are these attacks to detect that the average breach lasts an astounding 229 days.
Why do hackers want your data?
Crime is often driven by the pursuit of wealth or the desire for notoriety. Cybercrime is no different. The reason cybercriminals hack is because they are aching for a payday or for the infamy of taking down a major company such as JP Morgan or Anthem. The most prominent driver today is financial gain – corporate data is worth big money on the black market. Hackers are buying and selling stolen data each day. Credit card numbers go for about $1 each. Information such as social security numbers and medical data can fetch up to $50 each on the market. Multiply $50 by 80 million records, and the Anthem attackers are currently dreaming of Gulfstream jets and private islands.
Unfortunately, we have evolved to the point where it is truly only a matter of time until your company is hacked. Why? Because the very same doors that employees or the government use to access sensitive company data can also be used by hackers.
The real question becomes not how do we prevent breaches, but how do we limit the damage of a breach once it actually occurs? The answer is a matter of visibility.
Let there be light
A common thread across all successful data breaches is that corporate data must leave the network in order to be stolen. The key to preventing breaches is being able to discern between malicious and normal behavior; otherwise you risk receiving more alerts than you can manage. This is what happened in the Target breach. Alarm bells rang, but just like when the boy cried wolf, too many false positive and unimportant events drowned out the real damage as it occurred.
Actionable intelligence has thus become a necessity in the fight against unauthorized breaches. Actionable intelligence means having visibility into the events and activities happening on your network that represent the greatest risk to your organization’s data. With this information IT admins know exactly what to act on, so they can catch breaches early (and breaches will happen). This is crucial to limiting damage.
Free eBook: Modern Retail Security Risk – Get your copy now.
By Chris Hines, Product Marketing Manager, Bitglass.
In a world of applications and mobile devices, IT must secure data that resides on third-party servers and travels over third-party networks to employee-owned mobile devices. Existing security technologies are simply not suited to solving this task, since they are developed to secure the corporate network perimeter. Bitglass is a Cloud Access Security Broker that delivers innovative technologies that transcend the network perimeter to deliver total data protection for the enterprise – in the cloud, on mobile devices and anywhere on the internet.
Bitglass was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution. Bitglass is based in Silicon Valley and backed by venture capital from NEA, Norwest and Singtel Innov8.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.