Billions of people were affected by data breaches in 2018. Now is the time when, if we’re paying attention, we can learn a lot from last year’s barrage of cybersecurity threats. A breakdown of the top cybersecurity threats from 2018 won’t make us immune from attack in the future, but it can help us hone our defenses for the upcoming year.
In November, Marriott announced news of a breach of more than 500 million customers. Days later, question and answer site Quora disclosed a security breach that compromised as many as 100 million users. Facebook also joined the ranks of the breached in 2018 with more than 29 million users compromised. News got worse for the social media giant and their users when further inappropriate access, to the tune of 87 million users, came to light as a result of the Cambridge Analytica scandal.
Climbing data breach tallies tell us one thing – cyber criminals are ramping up their efforts, not down. We also know the thefts are increasingly pervasive because cyber crime is a lucrative business. From your personal health dossier to your banking credentials to your Netflix login, cyber thieves can buy just about anything on the Dark Web. Prices vary from seller to seller, just as the quantity and quality of information available do.
Last month, 617 million account details stolen from 16 hacked websites went up for sale with a single asking price of $20,000 in Bitcoin. Voter lists are said to sell for anywhere from $150 to $12,500 each today, depending upon the state and size of the list.
Cyber thieves have a variety of hacking tools at their disposal. Their tactics are sometimes influenced by the kinds of kits being sold on the Dark Web, but more often they are driven by opportunity. According to Forrester’s State of Data Security and Privacy: 2018 to 2019, the most successful attacks last year were:
Most external attacks include the likes of denial of service (botnets in high gear), web app seizures, stolen credentials (usually from phishing), and of course, exploited vulnerabilities.
Making up nearly a quarter of all attacks, insiders can abuse access by knowingly changing or stealing data. More common, though, are sins of omission, like unreasonably high privileges that provide someone with far too much access.
Third-party attacks include the partners, suppliers, contractors, and even clients who push their own compromises into your environment. Rarely does this happen on purpose, but without constant vigilance, interconnected businesses provide the ingredients for this likely damage.
Lastly, things get lost. One out of every six successful attacks can be blamed on a lost or stolen asset such as a laptop, tablet or even phone. Once an asset is outside your view and control, anyone accessing the device is, by definition, gaining unauthorized access.
Knowledge of the four primary ways attackers are breaching organizations today is prescriptive. And today, you need to prepare for both outside attacks and troublesome insiders. Diligence is also required across your partnership network, although perhaps slightly less so right now if budget prioritization becomes an issue. And so is constant vigilance over all of your devices, all of the time.
For more information on the state of cybersecurity threats, watch the next episode of our Cybersecurity Insights video below. And while you’re at it, watch and subscribe to our full Cybersecurity Insights video series on YouTube.
Hey there, it's Josh from Absolute. In today's episode, we're going to take a look at cybersecurity threats.
What makes something a threat?
Well, let's look at the definition of a threat: a person or thing likely to cause damage.
Ah...it must be likely to cause damage.
Looking for threats forces us to think in probabilities.
In 2018, the most successful attacks were:
Let's take a closer look...
External Attacks are the likes of denial of service (botnets in high gear), web app seizures, stolen credentials (usually from phishing), and of course, exploited vulnerabilities.
What about internal incidents? Making up nearly a quarter of all attacks, insiders can abuse access - knowingly changing or stealing data - while many more are sins of omission, like unreasonably high privileges giving far too much access.
Number 3: third-party attacks. These are the partners, suppliers, contractors, and even clients who push their own compromises into your environment. Rarely does this happen on purpose, but without constant vigilance, interconnected businesses provide the ingredients for this likely damage.
Fourth and last, things get lost. One out of every six successful attacks can be blamed on a lost or stolen asset. That makes sense. Once an asset is outside your view and control, anyone accessing the device is, by definition, getting unauthorized access. They're not the authorized user.
What's the attacker's goal? The primary motive is greed; you have something the attacker wants: information.
Whether the attacker is manipulating data or stealing it outright, the attacker profits.
If stealing data, countless customer records and intellectual property can be sold on the Dark Web or to a buyer who wants to do you harm.
When manipulating data, the attacker is provoking your organization's behavior, and based on that reaction, the attacker can reap the profits in the stock market when buying and selling.
If we lose visibility and control, risks become more likely; when risks become more likely, they turn into threats. It's all about visibility and control.
In the next couple of episodes, we'll take a look at some common characters on the threat landscape like botnets, phishing schemes, and mutating malware.
Be sure to subscribe (and a little thumbs-up 'like' would be nice) and drop your comments below, I'll see you next time.