There has recently been much discussion in the technology industry around the security of data and the likelihood of suffering a data breach. Some believe that it is only a matter of time before an organisation or individual ultimately suffers a breach. If this is the case, what will the knock-on effect be and will your business be ready to face it?
Statistics from Verizon’s 2017 Data Breach Report start to paint a picture of the threat landscape and who cyber-criminals are targeting. There’s an irony to Verizon producing such a report, having purchased Yahoo in 2016; Yahoo of course suffered a data breach that affected 3 billion accounts in 2013.
2016 is widely reflected upon as the year of ransomware: attacks spiked, headlines were made and the cyber-criminals behind the attacks turned a quick profit. Part of the reason for this was a change in how cyber-criminals targeted victims and the new-found effectiveness of that approach. By targeting organisations rather than individual users, cyber-attackers could increase their effectiveness by reaching contacts more likely to open a malicious attachment (HR, finance or admin workers).
Cyber-criminals have been successful in extorting money from victims, and a direct link can be found between this and the number of ransomware attacks, with the report stating that 73% of attacks have been financially motivated. Internal threats have historically always been an issue, and with Ransomware-as-a-Service now available there has also been a rise in cases related to espionage (21%).
Some of the largest attacks to make headlines were able to affect thousands of organisations within hours, causing service outages and unprecedented down-time. One organisation that was badly hit was the NHS in the UK. When it was struck with a large-scale ransomware attack, accident and emergency services including ambulances were plunged into chaos; the ransomware had exploited a known vulnerability in Windows XP systems that could have been patched.
Who’s been hit?
The Breach report reveals that the top 3 industries to have been affected by a breach or cyber-attack were public administration organisations, healthcare organisations and financial service organisations. These are all industries that are likely to process and hold highly valuable data, so the need to get this data back quickly and stop any down-time could result in a quick payment for cyber-criminals.
Anti-virus and data protection tools are evolving to deal with the threats of cyber-attacks, and cyber-criminals are having to combat this in various ways. Many attacks will use multiple stages to help disarm security protocols. Phishing attacks now make up 21% of all attacks, having grown from just 8% the year prior. HBO are just one organisation who have suffered at the hands of hackers in 2017, when systems were hacked in July. Hackers demanded ransoms of around $6 million in return for not releasing key information such as story lines and episodes of the most recent series of Game of Thrones; the data totalled around 1.5 terabytes.
Credit firm Equifax suffered one of the largest breaches in history this year, when they revealed that data for over 143 million customers in the States alone had been breached. The hack was disclosed in September despite taking place months earlier. This decision, it has later been revealed, was made in fear of more attackers taking advantage of the known vulnerability in commonly used applications within the organisation.
Am I ready for an attack?
Many organisations will employ various levels of cyber-security to lessen the effect. One of the largest challenges, though, is identifying and reporting breaches; hackers that hack IoT devices and turn them into botnets often do so silently. This is evidenced by the fact that 27% of breaches are reported by third parties. Cyber-attacks still often rely on a human element to be effective: this may be someone opening or downloading a malicious file or attachment, or falling victim to a phishing scam. In this event an infection can usually spread quickly across a network, taking down systems as it goes. It’s what happens next that will often determine how much damage is done by the attack.
DR and Business continuity planning
A large-scale outage is like any other disaster that could strike your infrastructure: it will cause downtime and, if not dealt with properly, will likely result in severe losses and reputational damage for any organisation. Having a disaster recovery and business continuity plan is best practice for any organisation, and this needs to be built into cyber-security measures.
The effects of a cyber-attack can be mitigated if they are planned for. Actions like keeping business-critical information and systems on a separate network from everyday work can stop an infection spreading from one network to the other.
Ultimately a DR and BC plan must consider how a business will get back to operational capacity and analyse the effects of an attack. Backup is often the starting point for getting back up and running again.