Published on September 8th, 2015 | by Tony Thompson
Cyber Security Risks Series: Roundup
In the past few weeks we’ve been running a series that looked at the types of security issues experienced across four different industry sectors: Healthcare, Financial, Technology and Government. Each has its own unique security profile, but there were also some commonalities. Understanding these profiles provides insight into security issues, the types of attacks that are most successful, and up-and-coming cyber threats to monitor.
This final article in the series will look at how the four sectors compare, identifying any commonalities and pointing out the especially unique problems of a given industry.
How Things Differ Across the Sectors
Unsurprisingly, the types of targets are different across the sectors when it comes to cyber threats.
Intellectual property theft is a serious problem for the technology industry. Competitors, some of them state sponsored, use both insider threats and external cybercriminals to obtain sensitive and proprietary information about product design and roadmaps. In a McAfee Report on the Cost of Cybercrime, it was reported that the U.S. Department of Commerce estimated losses by U.S. companies due to IP theft at around $200-250 billion annually.
Asset misappropriation is the main issue for the financial industry. External threats seem to be the most prevalent form of cybercrime in this sector, with threats coming from both individuals and organized gangs, as was seen in the Carbanak attack. Attacks on the financial service sector are economic in nature: PwC showed that financial gain was behind 45-50% of the attacks in the financial sector.
Data theft is the primary target in the healthcare industry. A healthcare record is worth more than any other industry data set, at $363 per record. This has been borne out by some of the largest attacks on Personally Identifying Information (PII) being in the healthcare sector. An example of this type of attack is the Anthem breach, which lost 80 million customer records, with the information then being used for secondary attacks such as the IRS breach earlier this year.
The government sector has a mosaic of issues, ranging from threats to critical infrastructures, such as energy and satellite communications, as well as attacks on the data of government employees. The Office of Personnel Management (OPM) breach, which lost over 22 million government employee records, is a recent example of how government-based PII is at risk. Government also has to deal with hacktivism more than other sectors. Foreign activists and even nation states have defaced federal government websites, or carried out DoS attacks in retaliation for various alleged government misdemeanors.
How Things Are the Same Across the Sectors
There is overlap in the types of targets cybercriminals are attacking across each of the four sectors we have looked at, but as we’ve seen, each also has its own specific threats. However, although the end target may differ in each sector, the means of getting to the end result are often the same.
Certain methods of attack are being used more effectively than others. Socially engineered vectors, such as spear phishing emails, are used in all four sectors to initiate a cyber-attack. This is because phishing emails, especially the highly targeted spear phishing variant, are very difficult for the recipient to recognize as a threat. Cybercriminals are becoming adept at creating very convincing phishing emails. Some studies looking at the effectiveness of spear phishing emails have seen click-through rates as high as 80%.
If spear phishing is the way into an organization, APT malware is the way to stealthily get the information you want out of the organization to your command and control center. APT usage is on the rise because targeted attacks are on the rise. Cybercrime is becoming big business and, more importantly, organized. The scattergun approach of the past is long gone, and the gangs of cybercriminals, often state sponsored, know what they are after and know how to get it. APTs are used across all sectors and we should expect to see their presence uncovered more and more.
Insider threats are also a common presence across the sectors. This is one of the more difficult crimes to protect against. It can be perpetrated in an instant using one of many readily available and cheap tools, like the Rubber Ducky, which can extract login credentials and other data, or slowly, over time, by leaking information to competitors in the form of cyber espionage.
Where to Go From Here
One thing that is clear is that cybercrime is becoming increasingly complex and sophisticated. We are at a juncture in our approach to security strategy and the tools we have to deal with the impact of cyber threats. Older tools like firewalls and anti-virus software are struggling to keep up with the changing landscape and pace of change in the world of cybercrime. Insider threats are incredibly difficult to prevent with older approaches to security.
All industries, no matter which part of their business is the most attractive target, need to look at a fresh approach to handling this situation. A layer of security monitoring and behavioral analysis gives us the added intelligence and visibility we need to spot issues like IP theft as they happen. It allows us to see incoming threats and stop them before the APT becomes resident on the server. Without this additional level of security we cannot hope to stem the tidal wave of threats coming into our organizations at the rate we are currently seeing.
Perimeter defenses are insufficient when protecting vulnerable industries. These industries require a holistic approach to cyber security that allows them to rapidly remediate post-attack.