This is part 3 of a 4-part series examining data breaches, what they cost, why they are increasing in frequency, and what you can do about them.
In our September 6, 2016 post, we broke down dwell time and how it drives the financial cost of a breach. In this post we look at what is behind the continuous increase in breaches.
Greed Meets Opportunity
Not a day goes by, it seems, without a major, high-profile data breach in the news. From major retailers to dating sites to political parties, it appears no one is safe. But why is this happening? The reasons are many.
The prospect of financial gain makes systems that store millions of records tempting targets. It is no accident that hacking tools are easier to come by than ever: the market for pre-built and automated malware (or "crimeware") is vast and growing, which lowers the skill needed to run an attack. And in an age when virtually every network is connected to the Internet, every network is reachable by attackers.
Even if an enterprise has strong security controls, its third-party vendors may not, and they may be far easier to compromise. That is why so many intrusions into enterprise data centers begin with a supplier or business partner. In the well-publicized Target breach, the company disclosed that the initial intrusion into its systems was traced back to network credentials stolen from a third-party vendor.
New Motivations Pile On
Another reason for the increase in breaches is a new set of motivations for attackers, with ransomware taking center stage. More intruders are breaking into business networks to encrypt data and extort the victim for payment. Although ransomware has been around for many years, 2016 has seen a significant increase in the number of attacks, with nearly 40% of businesses experiencing an attack in the past year, according to research from the security firm Malwarebytes.
And don't expect the ransomware threat to let up any time soon. FBI Cyber Division Assistant Director James Trainor recently said that ransomware will continue to be a significant threat over the next year, and according to FBI estimates, ransomware is projected to be a $1 billion business in 2016.
Detection Is Lacking
There is also a technical explanation for this onslaught of breaches, one that data center operators need to take into account. The move to software-defined and cloud technologies has created security gaps inside the data center, specifically in east-west traffic: the server-to-server traffic that never crosses the perimeter and so is never seen by perimeter controls. That gap lets advanced persistent threats (APTs) and malware move laterally between hosts undetected. The pace of change and the high degree of virtualization in modern data centers have simply blinded traditional security measures, which were built for static networks with a well-defined edge.
Ultimately, though, organizations have been overly reliant on threat blocking and intrusion prevention, without enough emphasis on breach detection and response. The asymmetry is stark: defenders need to close every vulnerability in their systems, but attackers only need to break through once. When they do, they enjoy far too much dwell time before anyone notices, and that time is spent doing their dirty work.
However, a re-balancing of security investment from intrusion prevention toward detection and response may already be under way. According to Gartner, the need to detect advanced, targeted attacks and respond to them quickly has led many enterprises to adopt a new breed of security products focused on rapid attack detection and response. Emerging technologies such as distributed deception can play an important role here: decoy hosts and credentials placed throughout the network have no legitimate users, so any interaction with them is a high-fidelity signal that shortens detection time and speeds up incident response.
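To make the east-west blind spot, the dwell-time problem and the decoy idea from the last three paragraphs concrete, here is a small detector run over a few constructed flow records. It is an added example, not code from the original post or from any product the post mentions. It assumes a simple constructed record format of "timestamp src dst dst_port action", a hypothetical decoy address (10.0.5.250) that hosts no real service, and illustrative choices for the admin-port set and the fan-out threshold; in a real deployment those would come from your own flow source and be tuned per environment.

```python
"""Flag lateral-movement candidates in east-west flow records.

Added example, not code from the original post. Assumes a simple
constructed flow-record format "timestamp src dst dst_port action";
the decoy address, admin-port set and fan-out threshold are
hypothetical choices for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# RFC 1918 space: a flow with both ends inside it is east-west traffic
# that a perimeter device never sees.
INTERNAL_NETS = [ip_network("10.0.0.0/8"),
                 ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]

# Hypothetical decoy host. It runs no real service, so any connection
# to it is a high-fidelity signal (the deception idea in the text).
DECOYS = {"10.0.5.250"}

# Ports attackers use to hop between hosts: SSH, RPC, SMB, RDP, WinRM.
ADMIN_PORTS = {22, 135, 445, 3389, 5985}

# One source touching this many distinct internal hosts on admin ports
# is unusual for a workstation; tune per environment.
FANOUT_THRESHOLD = 3

# Constructed sample flow log. 10.0.1.15 is a workstation doing normal
# work; 10.0.3.77 sweeps the 10.0.1.0/24 segment over SMB/RDP and then
# trips over the decoy.
FLOW_LOG = """\
2016-09-20T10:00:01Z 10.0.1.15 10.0.1.20 445 allow
2016-09-20T10:00:05Z 10.0.1.15 203.0.113.9 443 allow
2016-09-20T10:02:10Z 10.0.3.77 10.0.1.20 445 allow
2016-09-20T10:02:11Z 10.0.3.77 10.0.1.21 445 allow
2016-09-20T10:02:12Z 10.0.3.77 10.0.1.22 3389 allow
2016-09-20T10:02:13Z 10.0.3.77 10.0.1.23 445 allow
2016-09-20T10:02:20Z 10.0.3.77 10.0.5.250 445 allow
2016-09-20T10:03:00Z 10.0.1.15 10.0.1.20 445 allow
"""


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dst_port: int
    action: str


def parse_flows(text):
    """Parse the constructed flow format; skip blank or malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, port, action = parts
        flows.append(Flow(ts, src, dst, int(port), action))
    return flows


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def east_west(flows):
    """Keep only flows whose source and destination are both internal."""
    return [f for f in flows if is_internal(f.src) and is_internal(f.dst)]


def find_lateral_movement(flows):
    """Return alert dicts for decoy contacts and admin-port fan-out."""
    alerts = []
    touched = defaultdict(set)  # src -> internal hosts hit on admin ports
    for f in east_west(flows):
        if f.dst in DECOYS:
            alerts.append({"kind": "decoy_contact", "src": f.src,
                           "detail": f"{f.dst}:{f.dst_port} at {f.ts}"})
        if f.dst_port in ADMIN_PORTS:
            touched[f.src].add(f.dst)
    for src, hosts in sorted(touched.items()):
        if len(hosts) >= FANOUT_THRESHOLD:
            alerts.append({"kind": "admin_fanout", "src": src,
                           "detail": f"{len(hosts)} hosts: {sorted(hosts)}"})
    return alerts


if __name__ == "__main__":
    for a in find_lateral_movement(parse_flows(FLOW_LOG)):
        print(a["kind"], a["src"], a["detail"])
```

Two things worth noting about the design. The fan-out rule is heuristic and will need tuning, since a backup server or a vulnerability scanner legitimately touches many hosts on admin ports; the decoy rule needs no tuning at all, because nothing should ever talk to the decoy, which is exactly why deception shortens detection time. Neither rule is available to a perimeter-only control, because none of the flagged flows ever leaves the internal address space.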
So What Can Be Done?
First, let's recognize that breaches are inevitable and take to heart the adage "it's not a matter of if, but when", as the high-profile examples cited earlier so painfully illustrate. Given that, in our next post we will lay out practical measures organizations can take to limit the damage and the high costs of a breach once it happens.