When data leaks, the cause may seem like a mystery. But cybersecurity professionals know better. Concrete facts exist behind every breach. Just like a song stuck in your head that you can’t name, knowledge brings relief. So let’s continue our discussion of the six “w” questions of cybersecurity: who, what, when, where, why, and how.
Let’s recap where we left off — our last blog examined the motivations for breaches, speed of response times, and identities of perpetrators and victims. Remember how those benchmarks came from aggregated information? Just like last time, this blog uses combined numbers from Ponemon Institute’s global survey of IT decision makers, the Verizon DBIR, and Grand Theft Data: 2015 McAfee Data Exfiltration Study.
Ooh What’s Going On? (With Data Types)
Threats to data can make us mourn, like the sounds of a lamenting soul song. But what type of data should we grieve for the most? In answering this question, a trend highlighted in the last blog is insightful. The black-market value of leaked information is not constant. Lately, payment information such as stolen credit card numbers has decreased in value. Meanwhile, crooks have shown willingness to pay more for private details such as medical data. Consequently, today’s most exposed types of data are customer and employee records. Financial details have actually slipped to a distant third.
It’s clear that cybercriminals are making strategic adjustments. Naturally, they have to go after different file formats to obtain personal data. Villains are increasingly seeking Microsoft Office files, PDFs, and plain text documents. The question is, are companies adjusting their defenses for these file formats?
Unfortunately, organizations aren’t moving as fast as their enemies. And InfoSec isn’t a race that favors tortoises over hares. While there are advanced solutions for intrusion detection and data loss prevention, many IT teams still use the simplest tactics. There are a variety of detection methods encompassing dictionaries, unstructured data mapping, and data classification. Yet 27% of U.S. companies and 35% of U.K. companies only utilize regular expressions. That may make sense when perpetrators hunt for standardized data like credit card details. But it isn’t fitting in the evolving security landscape, given the rising prominence of personal data and unstructured data.
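The gap between regex-only detection and dictionary-based detection can be shown in a short added example (not from the original post or the studies it cites). The term list, threshold, labels, and sample documents are constructed assumptions.

```python
import re

# Regex-only detection: 13-19 digit runs (spaces or hyphens allowed),
# kept only if they pass the Luhn checksum used by payment cards.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

# Dictionary detection: constructed term list for personal and medical
# records; the terms and the threshold below are assumptions.
PERSONAL_TERMS = {"patient", "diagnosis", "prescription", "date of birth",
                  "employee id", "salary", "home address"}

# Constructed sample documents.
DOCS = {
    "invoice.txt": "Charge card 4111 1111 1111 1111 for order 20151102.",
    "clinic_note.txt": "Patient J. Doe, date of birth on file. "
                       "Diagnosis: asthma. Prescription renewed.",
    "memo.txt": "Lunch moved to noon. Tracking number 1234567890123456.",
}

def luhn_ok(digits):
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def regex_hits(text):
    """Card-like numbers that also pass Luhn (filters random digit runs)."""
    candidates = (re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text))
    return [c for c in candidates if luhn_ok(c)]

def dictionary_hits(text, threshold=2):
    """Dictionary terms present, reported only when at least `threshold` match."""
    found = sorted(t for t in PERSONAL_TERMS if t in text.lower())
    return found if len(found) >= threshold else []

def classify(text):
    """Label a document using both methods; regex alone never yields 'personal-data'."""
    if regex_hits(text):
        return "payment-data"
    if dictionary_hits(text):
        return "personal-data"
    return "unclassified"

if __name__ == "__main__":
    for name, body in DOCS.items():
        print(name, classify(body), regex_hits(body), dictionary_hits(body))
```

The clinic note contains no digits at all, so a regex-only policy passes it untouched, while the dictionary check flags it as personal data.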
Cybercriminals are crafty and know to shift their focus. By contrast, many companies are lagging behind. Some even treat defenses with a set-and-forget attitude. We can see this through the lack of correlation between duration of safeguards in place and efficacy of breach prevention across the industry. Perhaps even more shockingly, 5% of respondents admitted they don’t know how their data loss prevention solution even works.
99 Problems, At Least Employee Education Ain’t One
So what progress are organizations making? The good news is that employee education is widespread, with 85% of companies having implemented some form of security awareness or data value-recognition program. Naturally, this figure deviates across verticals. Industries most concerned about security have a 90% adoption rate, and these include financial services, retail, and healthcare. Manufacturing, on the other hand, has a far lower rate of 75%. Regardless, workforce education appears common across the board.
Knowledge may be powerful, but action is crucial. Only 33% of business units share data loss and prevention results with others. Without that sharing, organizations as a whole can’t integrate feedback and course-correct earlier. In fact, workforce education may not be a sufficient defense alone. Too many problems are associated with data breaches, as criminals gain in technical sophistication. We’ve seen previous years’ top digital methods for breaking defenses grow to account for even more breaches: hacking, malware, and social phishing are on the rise. Additionally, by using information from social media, perpetrators have made attacks more believable than ever. Virtual extraction methods cover an entire gamut of web protocol, file transfer, and email. On top of that, physical methods are prevalent. In a whopping 40% of cases, a USB drive is involved! That’s a long list of things to worry about.
To be exact, these issues may not equal the proverbial 99 problems. But the situation can feel that way. Cybersecurity teams face challenges from many angles. While employee education is widely implemented, that’s not enough. After all, crooks only need one successful attempt to steal crucial data — and many tools are at their disposal.
Where Is My Detection, Where Is My Detection?
You might not expect it, but cybersecurity has something in common with real estate. It’s all about location, location, location. To tackle all the various threats, monitoring has to occur at the right place.
For example, among survey respondents, the most common method was to analyze data moving both within trusted networks and at egress points going in and out of the network. However, that can only catch 60% of data breaches — the ones that rely on email, web protocol, and file transfers. For preventing physical loss, endpoint monitoring is needed to analyze user activity and physical media. Yet it’s only employed by 37% of respondents.
Speaking of location, nowadays, many organizations have data in the cloud. That’s another monitoring gap. While 60% of teams use cloud-based apps, only 12% have visibility into their data activity. This may stem from the myth that cloud security defense, which most vendors provide, equates to data protection. That isn’t the case. Proactive data discovery is essential, but only 7% of companies have implemented it. Cybersecurity professionals should take the classic Pixies song, change a word in it, and sing “where is my detection, where is my detection?”
Well, that’s a wrap for now! Next month, we’ll conclude this discussion in our final blog in the series. Catch granular details on the drivers of data breaches, as well as best practices and benchmarks for prevention.
Don’t forget, we’ll also be at the FOCUS security conference. Larry Ponemon of the Ponemon Institute and cybersecurity pro Rob Gresham will be discussing the six “w” questions in even more detail. Join them in Room 7-Pinyon 3 at 11:15am, November 2nd.
Take care, and see you next month with our final cybersecurity-themed song references.