Who Let the Data Out? Who, Who, Who, Who? (Part 1 of 3)

Nowadays, everyone knows how important data is. Who hasn’t seen a sensational news story about a data breach lately? Despite all this public exposure, however, not everyone is qualified to protect organizations against breaches. It takes more than binge-watching a season of Mr. Robot to become a cybersecurity expert, or many of us would be out of a job! In this industry, the right knowledge defends organizations against attack. And to gain it, the six “w” questions are as important as ever: who, what, when, where, why, and how?

To find the answers, Ponemon Institute conducted a seven-nation survey of 1,000 IT decision-makers in financial services, healthcare, government, manufacturing, and retail organizations, to develop benchmarks for data loss prevention incidents, visibility, and maturity. The primary goal of this research was to understand and compare the number of data protection incidents that organizations deal with on a daily basis and the factors that influence this. Aggregating the results from this report with previous information from the Verizon DBIR and the Grand Theft Data: 2015 McAfee Data Exfiltration Study gives us a bird’s-eye view of all things DLP.

Rolling in The Deep Takeaways

What were the conclusions? For starters, we’ve confirmed the Wu-Tang saying “cash rules everything around me” to still be true: financial motives are behind 89% of data breaches. This has been an upwards trend since 2013. So organizations with easily-monetized data, such as credit card and payment information, are at higher risk of attack. At the same time, we’re also seeing perpetrators seize more opportunities to profit from other data, such as health records.

In the face of widespread looting, compliance issues are relevant. So far, most companies have focused only on the requirements within their own political and geographical domains. More cooperation could build frameworks for broader monitoring. That would certainly be a good thing, but let’s not get the wrong idea. The report reveals that compliance alone doesn’t correlate to more effective data-loss prevention.

Just Beat It, Or Be Defeated

For cybersecurity teams to successfully secure data, one crucial area needs improvement. Internal teams’ monitoring capabilities are not up to par, and it’s hurting them. Stolen data is often sold or used before companies even notice. In fact, it’s more the norm that third parties like law enforcement discover breaches first.

Who are these eager villains, who look at organizations’ defenses thinking “just beat it?” Most of the time, external perpetrators are behind the deed. Think of nation-states, organized crime rings, and profit-hungry hackers. They’re responsible in 60-80% of cases. As for the other 20-40%, those involve people with access to confidential data. Think of contractors, partners, or employees. While protecting against external threats is clearly the priority, internal security can’t be overlooked either. Regardless of who’s responsible, no one wants to be defeated.

Who Are You? Who, Who?

What do we know about the companies being attacked? Well, if you think cybercriminals prefer to phish for a bigger catch, your hunch is right. Once we examine the median number of incidents for companies of different sizes, the trend is clear. The largest companies see the most incidents (31-50 daily), mid-sized companies experience fewer (21-30 daily), and smaller companies have the fewest (11-20 daily).

The size of a company also connects with its geographical identity. Asia-Pacific companies are smaller than the global norm on average. As you’d expect, their median corresponds to 11-20 incidents daily. On the other end of the range, Indian companies, larger than the global average, have a median of 31-50 incidents daily.

Of course, a company’s business also influences its risk. Cybercriminals are more interested in some industries than others. It’s no surprise that financial services are the hardest hit, followed by retail. Since profit is the largest motivator for attacks, we can attribute this to the temptation of payment and financial data for crooks.

However, there’s also good news. The most-threatened industries learn to prepare for threats. When companies were asked to assess how adequate their defenses were, retailers felt the most comfortable, followed by financial and healthcare organizations. Manufacturing companies ranked at the bottom of that list.

Where The Breaches Have No Name

At the end of the day, data breaches aren’t going away anytime soon. Tellingly, the rate of acceleration for speed of compromise is outpacing the rate of acceleration for discovery. While perpetrators only take minutes or hours to crack in, security teams often need days to find out about incidents.

There’s more work to be done. But with the right knowledge, cybersecurity experts can change the tide. Intelligence is the basis for success in our industry. It all starts with knowing the who, what, when, where, why, and how of data breaches. Maybe then, news outlets will find other sensational topics, when the breaches have no names.

Finally, visit us at the upcoming FOCUS security conference at ARIA Resort and Casino in Las Vegas, Nevada. Data protection expert Rob Gresham and Larry Ponemon of the Ponemon Institute will take a deep dive into this research. Catch their talk at 11:15am on November 2nd, at Room 7-Pinyon 3.

Stay tuned for the next blog! We’ll discuss types of leaked data, how breaches occur, and employee training tips. Get updates by following @McAfee and @McAfee_Business.

Curious about something? Chat with us on the hashtag #WhoLetTheDataOut. Come on, it’s irresistibly fun to yell “who, who, who” while typing.

See you for the next blog!