Government // Cybersecurity
News
4/22/2014
10:20 AM
Connect Directly
RSS
E-Mail
50%
50%

Cyber Espionage Incidents Triple: Verizon Report

As cyber espionage grows quickly, government agencies become the No. 1 target, finds 2014 Data Breach Investigations Report.

Eastern Asia. "Two countries in particular, the People's Republic of China and the Democratic People's Republic of Korea, represent that region," the report notes.

Attackers are using a diverse array of tools in espionage, but the most common is spear phishing. Email attachments are used to deliver 78% of identified espionage attacks, and links within emails deliver 2%.

Source: Verizon 2014 Data Breach Investigations Report
Source: Verizon 2014 Data Breach Investigations Report

Because exploits used for espionage are varied, the recommended controls to counter them run the gamut of basic cyber security:

  • Patch everything.
  • Use updated antivirus.
  • Train users.
  • Segment your network.
  • Keep good logs.
  • Break the exploitation chain by detecting phishing attempts and interrupting them when someone "clicks."
  • Spot command and control traffic and data exfiltration.
  • Stop the lateral movement of attackers who gain access to the network.

The report also found the use of stolen and/or misused credentials (user names and passwords) continues to be the most frequent way attackers gain access to information, making the case again for using two-factor authentication. The report also noted that insider attacks are on the rise, especially for intellectual property.

Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators. Read our InformationWeek Elite 100 issue today.

William Jackson is a technology writer based in Washington, D.C. He has been a journalist for more than 35 years, most recently covering the $80 billion federal government IT sector for Government Computer News. His coverage has ranged from architecture to international ... View Full Bio

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
asksqn
50%
50%
asksqn,
User Rank: Ninja
4/29/2014 | 4:34:55 PM
Whatever happened to accountability?
That a law must be passed to compel federal agencies to be transparent in order to track breaches is astonishing to me.  
WKash
50%
50%
WKash,
User Rank: Author
4/22/2014 | 3:59:50 PM
Re: Caution with the numbers
pfretty, thanks for making the added point: Sometimes, its easy to focus too much on the numbers and miss the larger message.  Your point that leading infrastructure sectors have been targeted more than retail and consumer sectors is an important part of that message, and one worth heeding.  Of note: see our story this week on the Cybersecurity Framework for Critical Infrastructure: Protecting Critical Infrastructure: A New Approach  and Sensitive Data: What Constitutes 'Reasonable Protection'?

 
pfretty
50%
50%
pfretty,
User Rank: Moderator
4/22/2014 | 3:44:46 PM
Re: Caution with the numbers
The actual numbers themselves are not as important as the overarching message -- in a data-based society, we need to pay more attention to accesspoints. According to the 2013 HP Ponemon Cost of Cyber Crime report (http://www.hpenterprisesecurity.com/ponemon-study-2013), all industries fall victim to cybercrime, but to different degrees. The report breakd out the average annualized cost of cyber crime appears by industry segment, and organizations in defense, financial services, and energy and utilities experience substantially higher cyber crime costs than organizations in retail, media and consumer products. Simply put hackers are under far more targeted campaigns while utilizing higher levels of sophistication. 

Peter Fretty, j.mp/pfrettyhp
WKash
50%
50%
WKash,
User Rank: Author
4/22/2014 | 1:16:29 PM
What's new about the espionage incidents
One of the other interesting points raised by the Verizon team in their findings on espionage is the fact that while spear phishing, via mostly email, remains the most often used method by hackers to break into a system, there has been a notable rise in strategic web compromises as a method of gaining initial access.
WKash
50%
50%
WKash,
User Rank: Author
4/22/2014 | 1:07:51 PM
Caution with the numbers
I think the narrative in the Verizon report says it well:

"Before someone concludes we're asserting a vast increase in
espionage in 2013, we're quite sure countless organizations
have been consistently targeted for several years. Instead,
we attribute this increase primarily to our ever-expanding set
of contributors conducting research in this area, along with
more community information sharing that improves discovery
capabilities. Like a streetlight illuminating cars parked along
the street, more contributors allow us to see more cars.
Unfortunately, we can also see that those cars have broken
windows and stolen stereos."
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.