12 truths about threats your customers must know today


2. Every business is at risk (but not equally and not all the time)

You may have customers who feel they are small fry, so spend little on security, or big ones lulled into false confidence by the amount of money and time they do spend. The fact of the matter, however, is that every business is at risk, although the spectre is different for each.

Larger organisations tend to face more varied threats while SMEs face attacks on point-of-sale devices and maybe the insertion points into bigger partners. Few retailers – especially in hospitality, the most afflicted sector – have PoS anti-tampering processes. And manufacturing and information services are most at risk when it comes to number of records stolen.

Larger organisations are more likely to be targets of social attacks, possibly because they have better perimeters and also are easier to recce using tools such as LinkedIn. In those organisations, 58 percent of attacks involve hacking, resulting in 99 percent of records lost; malware comes in second, according to Verizon. And keyloggers were present in nearly half of cases, irrespective of company size.

But SMEs are six times more likely to be breached by using default or simple credentials. Securus Global’s Drazic says the scale of big companies insulates them from the consequences, but a “startup that is compromised may lose support, financing and consumer confidence” that could cruel their growth or end them in the crib.

Verizon investigator Mark Goudie says on an audit in which he was recently involved, an Australian business found its vendor was using the same password – the vendor’s company name – for its customers worldwide. It would take just one of them to be breached for all to be laid bare, he says.

Hacktivists such as LulzSec, Anonymous and 4chan also were responsible for the greatest number of records purloined last year, often against high-profile targets such as security providers (HBGary), government and law enforcement. Goudie says if you don’t need data, delete it, securely, even if that puts you on a collision course with the organisation’s “big data” forces.

SMEs may also find themselves swept up in a hacking driftnet as attackers scan IP ranges or exploit application vulnerabilities, especially those known as “zero-day”, for which defences are lowest.

3. Physical security matters

It could be easier and cheaper to physically break into your customer’s organisation than through a computer system either to exfiltrate data or to plant malware.

“Social engineers were leaving thumb drives around an organisation, giving them away for free – that bypasses a lot of procedures,” says Imation Asia-Pacific general manager Sven Radavics. He says China was implicated in an attack against the Indian Navy that used this approach. And he says those “walking around with some sort of authority are left untouched by employees except in the most rarified environments”, allowing them to steal data or plant malware.

Organisations may print data they sense is too valuable to be left online, but leave it labelled in unlocked cupboards for the attentive thief. Goudie says resellers should tell their customers to “automate processes to remove the human element”.

4. The company you keep

This year saw the “watering hole” attack, where criminals targeted websites allied to their ultimate target. The attacker scans the websites for vulnerabilities, redirecting victims to malicious sites. An SQL injection, for instance, takes advantage of website forms that don’t validate input and pass unauthorised code to a database. Or a website may invite uploads that run a program or install a shell the attacker uses to elevate access.

US Republican websites canvassing election donations were targeted by lookalike and possibly infected websites, redirecting funds into unauthorised accounts.

Verizon says the rise in “industrialised” crimes last year makes this more likely in future. And although partners were implicated in just 1 percent of attacks Verizon studied, that may be due to under-reporting.

Trend Micro engineer Vlado Vajdic says there are cases of supply chains being targeted – sometimes a bigger company is “owned” when it buys a smaller company. Make sure partners in the supply chain have the same security posture.

5. Bad guys are inside the firewall – and likely have been for a while

As trusted advisers, resellers have a unique role in helping customers swallow this sour truth: Verizon reports that 85 percent of breaches took at least a few weeks to find, and third parties found them in 92 percent of total cases.

“Assume that the network is infected,” says Lastline’s Ben Teh. “It’s very difficult to get in to clean the system because rootkits infect the kernel.” RSA’s Farquhar urges organisations to “build defences around that assumption”.

To mitigate threats from the likes of drive-by attacks and roaming devices (especially in a BYOD environment with guest access), Teh advises scanning traffic to analyse code for dangerous behaviours.

Red flags that the system is compromised:
• domains failing to resolve;
• connections that go to unusual destinations;
• login failures on database servers;
• programs running that ought not;
• users or applications escalating their privileges;
• unexpected secure web traffic (https).

A chained assault that started with a rogue email or IM session may communicate with a command-and-control server, trickling information out of the network, at unusual times or over secure web connections.
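The network-visible red flags listed above (failed DNS lookups, unusual destinations, database login failures, out-of-hours HTTPS) can be checked mechanically against logs. The following is an added example, not part of the original article; the log format, host names, addresses, baseline sets and threshold are all assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed sample events; hosts, domains and addresses are made up.
SAMPLE_LOG = """\
2013-01-10T02:14:07 dns src=ws-17 query=qzxv1.example.net rcode=NXDOMAIN
2013-01-10T02:14:09 dns src=ws-17 query=kq88a.example.net rcode=NXDOMAIN
2013-01-10T02:14:12 dns src=ws-17 query=pp0zt.example.net rcode=NXDOMAIN
2013-01-10T02:15:30 conn src=ws-17 dst=203.0.113.50 port=443
2013-01-10T02:16:00 auth src=ws-17 dst=db-01 result=FAIL
2013-01-10T02:16:02 auth src=ws-17 dst=db-01 result=FAIL
2013-01-10T02:16:05 auth src=ws-17 dst=db-01 result=FAIL
2013-01-10T09:05:00 conn src=ws-04 dst=198.51.100.10 port=443
2013-01-10T09:06:11 dns src=ws-04 query=intranet.example.com rcode=NOERROR
2013-01-10T10:00:00 auth src=ws-04 dst=db-01 result=OK
"""

# Assumed baseline: known-good destinations, database servers, working hours.
KNOWN_DESTINATIONS = {"198.51.100.10"}
DB_SERVERS = {"db-01"}
BUSINESS_HOURS = range(7, 20)
THRESHOLD = 3  # repeated failures from one source before alerting

def parse(line):
    ts, kind, rest = line.split(" ", 2)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return datetime.fromisoformat(ts), kind, fields

def find_red_flags(log_text):
    nx, db_fail, alerts = Counter(), Counter(), []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, kind, f = parse(line)
        if kind == "dns" and f["rcode"] == "NXDOMAIN":
            nx[f["src"]] += 1
            if nx[f["src"]] == THRESHOLD:  # alert once per source
                alerts.append((f["src"], "repeated DNS resolution failures"))
        elif kind == "conn" and f["dst"] not in KNOWN_DESTINATIONS:
            alerts.append((f["src"], "connection to unusual destination " + f["dst"]))
            if f["port"] == "443" and ts.hour not in BUSINESS_HOURS:
                alerts.append((f["src"], "unexpected HTTPS traffic out of hours"))
        elif kind == "auth" and f["dst"] in DB_SERVERS and f["result"] == "FAIL":
            db_fail[(f["src"], f["dst"])] += 1
            if db_fail[(f["src"], f["dst"])] == THRESHOLD:
                alerts.append((f["src"], "repeated login failures on " + f["dst"]))
    return alerts

if __name__ == "__main__":
    for host, reason in find_red_flags(SAMPLE_LOG):
        print(host, "-", reason)
```

Several different flags converging on one host, as with ws-17 in the sample, is a stronger signal than any single alert on its own.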

Compromised devices may be re-imaged or destroyed to curb the infection. Virtualised systems offer protection because they are viewed by an overarching framework (assuming the hypervisor is secure) and can trivially revert to a clean, earlier version.

Read on for how to learn the lingo, find and ditch the bad guy, keep an eye on the social, and the importance of knowing the three P's.

Copyright © nextmedia Pty Ltd. All rights reserved.