Today’s Data Breach Environment: An Overview

By now, companies and consumers alike are well aware of the threat of a data breach. Large and small businesses across every sector have been targeted, and many customers are now familiar with the notification that their username, password or other details might have been compromised.

The unfortunate fact is that, despite efforts on the part of cybersecurity vendors and enterprises, the rate of infection and the vast number of threats continue to rise. Hackers are savvy and can adjust a malware sample just enough to fly under the radar of advanced security solutions. Worse still, once they’ve broken through the back door, cybercriminals can remain within systems and infrastructure for longer periods, stealing and snooping on more sensitive information in the process.

Today, we’re taking a closer look at the overarching environment of data breaches, including the stats and figures that demonstrate the size and impact of current threats, what takes place during and after a breach, and how enterprises can improve their protections.

By the numbers: Top data breach threats

There’s no shortage of facts and data when it comes to data breaches. According to current reports – including Trend Micro’s 2018 Midyear Security Roundup: Unseen Threats, Imminent Losses – some of today’s top threats include:

  • Ransomware: Although Trend Micro discovered only a slight increase in ransomware activity during the first half of 2018, coming in at a 3 percent rise, ransomware continues to pose a threat to enterprise systems everywhere. Even with a 26 percent decrease in the number of newly detected sample families, ransomware is still being put to work, encrypting files and enabling hackers to demand high Bitcoin ransoms.
  • Cryptomining: Unpermitted cryptocurrency mining is also a threat to enterprise security – and may be more dangerous than many organizations realize. Trend Micro researchers found a more than 140 percent increase in malicious cryptocurrency mining activity in the first six months of this year, compared to the same period last year. These programs operate in the background and steal valuable computing and utility resources, driving up costs and scaling back critical performance for legitimate business processes as a result.
  • BEC and email-served malware: Instances of business email compromise, wherein hackers target victims to enable fraudulent wire transfers, are also continuing to impact organizations with foreign partners all over the globe. Making matters worse is that this is far from the only threat that involves the critical communication channel of email – Verizon’s 2018 Breach Investigations Report found that 92 percent of all malware is still being served up through malicious emails, including through phishing attacks and the inclusion of infected links or attachments.

Mega breaches on the rise

Once an email recipient opens such a link or attachment, it’s akin to leaving the door wide open for intruders.

Current data shows that it takes an average of 191 days to even realize that a breach has taken place, according to Small Business Trends contributor David William. That’s about 27 weeks, or more than six months.

“This slow response to cyber-attacks is alarming,” William wrote. “It puts small businesses in a precarious position and demonstrates a dire need for cybersecurity awareness and preparedness in every business.”

Compounding this problem is the fact that the longer hackers are able to stay within business systems undetected, the more time they have to steal data and other sensitive intellectual property. This has contributed to a steep rise in mega breaches, Trend Micro research shows, which involve the exposure or compromise of more than one million data records.

Leveraging data from Privacy Rights Clearinghouse, Trend Micro researchers discovered that overall, there has been a 16 percent increase in mega breaches compared to 2017. During the first half of 2018 alone, 259 mega breaches were reported, compared to 224 during the same period in 2017.

Surprisingly, and unfortunately, the majority of these instances were due to unintended disclosure of data. Slightly fewer resulted from hacking or malware, and a smaller percentage came as a result of physical data loss.

And, as researchers pointed out, the loss or compromise of data isn’t the only issue to be aware of here.

“There are substantial consequences for enterprises that are hit by data breaches,” Trend Micro researchers wrote. “Recovery and notification costs, revenue losses, patching and downtime issues, and potential legal fees can add up: A mega breach can cost companies up to $350 million.”

How does this happen? Typical steps within a data breach

One of the first things enterprises can do to bolster their security protections is to support increased awareness of data breach processes and what takes place before and during an attack.

In this way, stakeholders – particularly those within the IT team – can be more vigilant and proactive in recognizing security issues or suspicious behaviors that might point to the start of an attack.

As Trend Micro explained, there are several steps that most data breaches include:

  1. Research: Before an attack ever begins, hackers will often carry out research on their target. This might include background research on victims to support phishing and social engineering, or looking into the company’s IT systems to pinpoint unpatched weaknesses or other exploitable vulnerabilities. This step is all about looking for an entrance, or a springboard that cybercriminals can use to launch their attack.
  2. Attack: Once attackers have done their research, they use this knowledge for either a network-targeted attack, or a social attack.
  3. Pinpointing the network or social: As Trend Micro explained, a network attack involves malicious infiltration within the victim’s infrastructure, a particular platform or application. A social attack, on the other hand, relies on duping an employee user (with a malicious attachment, for example) into providing access to the company network or infrastructure.
  4. Data exfiltration: After successfully infiltrating the company’s systems, attackers seek out sensitive information, often including customer details and payment data. The hacker will then exfiltrate this data, usually to a command and control server belonging to the attacker.

Depending upon the business, the industry in which it operates and the type of data stolen, hackers will then either look to sell this information, or use it to support other malicious activity. Attackers will most often look for details like customer names, birth dates, Social Security numbers, email and mailing addresses, phone numbers, bank account numbers, clinical patient information or claims details.

“Hackers search for these data because they can be used to make money by duplicating credit cards, and using personal information for fraud, identity theft, and even blackmail,” Trend Micro stated. “They can also be sold in bulk in Deep Web marketplaces.”

The current breach environment is sophisticated and challenging for overall enterprise security. To find out more about current threats and how your organization can protect its most critical data and systems, connect with the security experts at Trend Micro today.