[BreachExchange] The Four Adversaries After Your Data

Audrey McNeil audrey at riskbasedsecurity.com
Wed Nov 2 10:42:02 EDT 2016


http://data-informed.com/the-four-adversaries-after-your-data/

Any business, regardless of industry sector or size, is vulnerable to
a cyberattack. Just ask some of the well-known retailers, popular
social media sites and global law firms who made news headlines
regularly over the past few years. The cyber threats are vast and
imminent, and organizations know they need to take action quickly as
hackers continue growing in both number and sophistication.

But who are these “bad guys” after your data? It’s likely adversaries
are already on your network and endpoints, poised to steal your
business’s data, without your knowledge. However, what exactly are they
looking for, and most importantly, how can they be blocked? These
adversaries come from a wide range of backgrounds, varying in motive
and target, but they all have the same end goal – a business’s most
sensitive, confidential data.

Meet the four most common types of adversaries after your
organization’s private information:

“Nation State”: This category of adversary is directly employed by an
arm of a national government and is typically very well-funded
relative to small hacktivist groups and individual cyber-criminals.
These entities are motivated by economic, political, and military
advantages, increasing the impact of the damage that is possible if
they are successful in accessing the data they seek. Nation states are
interested in data about critical infrastructure, along with trade
secrets, business information and emerging technologies. This can lead
to a loss of competitive advantage for the countries or organizations
they target, as well as a disruption to critical infrastructure, which
may wreak havoc on the general population. Media and cyber-security
experts alike list China as the most prolific sponsor of nation state
hacking. In an attempt to stem that tide, President Barack Obama and
Chinese President Xi Jinping announced they had “reached a common
understanding” to curb cyberespionage between China and the United
States in September 2015.

“Cyber-Criminals”: The most common adversary thought of when
discussing data theft, cyber criminals seek the immediate satisfaction
of a financial payout. They typically target personal and credit
information, including PII, PCI, and PHI, hoping to exploit the data
for their own financial gain. For the individual or organization
targeted, this can result in direct financial loss or legal issues, in
the form of lawsuits and regulatory penalties. Above all, a breach
caused by a cyber-criminal can cause a loss of confidence for the
organization, which can be difficult to regain, especially when
customer data has been compromised. One of the most worrisome aspects
about cyber-criminals is their increasing levels of sophistication and
organization. For example, some cyber-crime syndicates use underground
call centers to guide victims through the process of Bitcoin payment
and data recovery in ransomware attacks.

“Hacktivists”: If you haven’t already guessed by the name alone,
hacktivists are hackers looking to influence political or social
change by pressuring businesses, governments and other entities to
change their practices. How do they aim to do this? By attacking the
organization’s secrets and business information, including data
relevant to key leaders, employees, and customers. Hacktivists take
advantage of the data to disrupt normal business activities and put
the focus (and media attention) on their own agenda. The target’s
reputation is likely to be damaged as a result of this type of attack,
which is often a long-lasting effect that extends beyond the initial
loss. Arguably, the most well-known hacktivist group today is a
collective known around the globe as Anonymous.

“Malicious Insiders”: Insiders are an often forgotten source of
attacks, though they are arguably the most dangerous as they represent
trusted employees and partners. Motivated by personal gain,
professional revenge, and monetary reward, malicious insiders usually
have easy access to the data they are looking to expose or monetize.
This typically includes customer data, company financial and salary
information, along with employee data, corporate secrets, and notable
research that has yet to be released. Like most of the other
adversaries detailed above, malicious insiders seek to disrupt
business operations and damage the organization’s brand and
reputation. In some cases they may be collaborating with
cyber-criminals for personal financial gain.

Now that you’ve met the adversaries, it’s time to prepare and prevent
the next cyberattack from happening. By following a few simple – but
critical – steps, businesses can better position themselves to guard
their sensitive data when one of the aforementioned “bad guys”
attempts to infiltrate the network:

Identify Your Most Important Data Assets: All too often, organizations
have no idea where this valuable data is stored and who has access to
it. Businesses must know what their sensitive data is if they want to
prevent it from being stolen. Simply identifying the crown jewels can
feel like a daunting task, but it doesn’t have to be. Start with your
most critical data — the data you know a hacker is after. Get that
identified first and then move to the next organizational function.

Protect Those Data Assets: This is going to sound very basic, but once
sensitive data is identified… label it. Literally mark all critical
assets as “internal only” or “confidential.” There are also additional
technologies that you can employ to ensure your sensitive data stays
safe. From encryption to digital rights management, and persistent
document tagging to policy-driven data protection, there are numerous
approaches to ensure data flows freely, but only on a need-to-know
basis.

Implement patch management practices to ensure all security updates
are installed in the latest versions of software programs and
applications. This will help prevent the adversaries from exploiting
common vulnerabilities as they try to infiltrate systems.

Think Like the Adversaries: Take a look at all of your business
processes to determine where data theft might occur. Assess your data
from an outsider’s standpoint — what would you want to steal and how
would you do it? Then, set to work plugging those holes. “Threat
modeling” is one of the most effective ways to ensure security.

Improve Employee Awareness: The weakest link in data defense is the
employee — from the C-level executive to the intern. Add data
protection to manuals and employment agreements, and train employees on
your policies regarding the use of confidential data. It also helps to
perform regular security awareness training and invite your
contractors, vendors and partners to participate, as they should be
subject to your data protection policies as well.

Be Prepared if Your Data is Stolen: Have an incident response plan at
the ready. Even the organizations that have their data protected can
still become victims of breaches.

If your business’s data is protected properly, the organization can
remain secure no matter which adversaries you’re up against.
However, now is the time to rethink and prioritize cybersecurity –
before falling victim to the next hack.

