By Michael Marriott, Digital Shadows security expert
High-profile data breaches are regularly in the news and,
seemingly, businesses are losing the battle to protect their intellectual
property (IP), corporate, and customer data from the threats posed by
professional cybercriminals.
It is no surprise that financial
gain is the single biggest motivator for cyberattacks. The 2016 Verizon
Data Breach Investigations Report highlighted that financial gain and espionage
accounted for more than 89% of all the data breaches it studied. Financial
gain was by far the biggest single reason for attacks, beating espionage
and all other objectives into a distant second place.
This is big business for
cybercriminals.
To deal with the threats posed by these breaches, organizations have to
get on the front foot when protecting their intellectual
property: firstly, by identifying the location of, and protections
around, critical IP; secondly, by keeping a watchful eye on the types of attackers
and the methods they might use to obtain it.
But despite the excitement, which is often rightly directed at new
viruses or malware or attack techniques, it is exploit kits that remain one
of cybercriminals’ most reliable and trusted delivery mechanisms to embed
malware and conduct malicious activity. And, even as an exploit kit gets shut
down, others pick up the slack and continue to deliver their payloads.
Our report, “In the Business of Exploitation”, looked at the
vulnerabilities exploited by the top 22 exploit kits and found that Adobe Flash
Player was likely to be the most targeted software, with 27 of the 76
identified vulnerabilities exploited taking advantage of this software.
Understanding the most commonly
exploited software, and the most frequently targeted vulnerabilities, can help
organizations mitigate the threat posed by exploit kits and
prioritize their patching.
To protect its IP, it is critical that a company evaluates its
security from the perspective of an attacker, which helps prioritize the
work to address potential vulnerabilities. This could involve looking at where
the organization is exposed on social media sites, points of compromise, and
looking for evidence of previous attacks across the visible, dark, and deep
web. The military use the term situational awareness, and we believe that it is
useful for companies to use this approach when considering their cybersecurity
controls.
Companies can therefore remain quick
to respond to incidents and limit the consequences of any potential breach.
That way they can remove information from public view by issuing takedown
requests as soon as an organization finds its information being shared,
advertised or sold on the web. Similarly, by knowing what information is
compromised, passwords can be changed, customers notified and points of
weakness fixed.
By being proactive, organizations
can tailor their defenses and make better, more informed business
decisions. In a world of complexity and uncertainty, this kind of
illuminating context is key to preventing vital IP falling into the wrong
hands.