Have any questions? Just call us at 1.866.900.4236

Data Breaches: Small Business Edition

2016 Data Breach Investigations Report: Small Business Owner Cybersecurity Edition

Every year, Verizon partners with various public and private sector entities to create this annual investigative report. It covers real-world data breaches and computer security incidents from the prior year. The 2016 Data Breach Investigations Report (DBIR) covers data from 2015 and this is the eighth (8th) year for this annual report. **Disclaimer: This blog post is for informational purposes only and should not be construed as legal advice. You should always contact your legal counsel or attorney for legal advice. This list is not inclusive and is merely an informational guide.** Every year when this report is published, there is a security frenzy. We want to focus on just a few key-points in this report that the small business owner (SBO) can utilize to improve his/her security posture. So why this report? The contributors include law enforcement and various organizations that have been on the front-lines of cybersecurity. In other words, this data is culled from reputable sources of real-world data breaches and computer security incidents. Take 30-60 minutes to review this report and what you can do to leverage these metrics into your business' computer security model. If you need a security risk assessment, contact us. So what do you need to know about data breaches and securing your small business? Focus on the basics. What attackers used in 2014 to hack into organizations worked in 2015, and will continue to work in 2016.

Data Breaches: Breach Trends

Percent of data breaches per threat actor

Source: 2016 VzDBIR

Yes, the majority of breaches come from an external source versus an internal source. However, you cannot rule out internal source. The Insider Threat, either intentionally, or unintentionally leaking your organization's data. The financial motive is still the primary reason for an attacker breaching your business' computer infrastructure. The User Device and Person are beginning to trend upwards, which means attackers are targeting your endpoint, end user more and more. Phishing and other malware related campaigns targeting the human (weakest link in the security chain). Percent of data breaches per asset category over time. In our experience in responding to breaches, ransomware, and other targeted security incidents, the endpoint (workstation | personal computer) continues to be a high value target, because it works. Whether it's ransomware, phishing (email scam), or a malware laced website your user (employee) visits, once the attacker obtains a foothold on the endpoint, it is now easy for them to pivot within your internal network and jump from system to system unbeknownst to you. Once a single PC is compromised on your business network, the attacker will likely create a backdoor so they can maintain persistence and begin reconnaissance of your network looking for high value targets & data. Training and education of your end user to very important. Spend time and resources on training and educations on these risks! This report also indicates a continued trend where it is taking an attacker less time to compromise an organization's network and even more time for an organization to discover they've bene compromised, which more and more by law enforcement, or a 3rd party versus the organization having the capability of detecting an attacker on the network. So what does this mean? Attackers are moving swiftly and very fast from the time they have credentials are way inside your network. They are able to move about freely as the time it is taking an organization to realize they've been compromised is taking longer. And the organization is being notified by law enforcement, or 3rd party that there is a problem versus the organization identifying the problem internally and responding to the computer security incident. This would be consistent with what we continue to see when we are investigating data breaches, or responding to computer security incidents.

Points of Focus

Credentials

The majority of confirmed data breaches involved default, weak, or stolen passwords. This continues to be a consistent trend we see when investigating a computer security incident. This is nothing new, nor groundbreaking, but something everyone has heard in some form, or another. In this cat and mouse game, it is important to regularly change passwords, remove default credentials, and have strong passwords. Yes, special characters, upper/lowercase letters, and numbers are important. However, password length is VERY important. We recommend you utilize a pass-phrase consisting of 12 characters minimum.

Phishing: Don't fall for the email scams

Email phishing is still very successful at getting malware onto your endpoints (PCs). Phishing is a form of social engineering where the attacker attempts to steal information, or trick the user to clicking on a URL. Once the user clicks on the URL, malware is downloaded and installed to the computer. If you run a medical practice, email phishing can be costly. Ransomware continues to very costly to businesses and continues to be delivered through email phishing campaigns. The FBI has some advice on protecting yourself from ransomware.

Vulnerabilities: old vulnerabilities are still being exploited and targeted by attackers

There are new vulnerabilities that are identified daily. Just as you would complete a product inventory, or audit business supplies, an IT asset inventory is a MUST. How can you manage, protect, and identify vulnerabilities if you do not know what technology assets you have on your network. So, start with an accurate IT asset inventory. Next, work with a reputable IT vendor, to identify vulnerabilities and complete a patch management plan.

Closing

If you are a small business owner, partner, executive, and/or a stakeholder in your organization cybersecurity must be discussed in your boardroom. We recommend you start by reviewing this report, so you have real-world data to develop a cybersecurity culture within your organization. Identify your biggest risks and develop cost-effective solutions for improving your cybersecurity posture. Contact us as we are happy to help!
Train and empower your employees! Your employees are your first line of defense! Educate them of these risks associated with using your small business' information technology systems and what they should do when they see something.
Source: Verizon 2016 Verizon Data Breach Investigations Report  

Share:
client-photo-1
Brad

About author

Brad Garnett, CCE®, GCFE, GCFA is a Digital Forensic Examiner with Kemper Forensics, a division of Kemper CPA Group LLP. Brad is a certified, experienced forensic examiner, investigator, and IT professional. Mr. Garnett also teaches a cyber crime and computer forensics course at a local university. Prior to joining the Kemper team, Mr. Garnett spent a decade in law enforcement, where he specialized in digital forensics. Mr. Garnett works with clients from various industries, including health care, law firms, local governments, and small businesses, where forensic technology is needed to answer a legal question or make a tough business decision. If you have a situation where forensic technology is needed to help you find an answer or make a tough business decision, please contact Brad at 812-421-8000. IMPORTANT: No public comment by Mr. Garnett (web page, tweet, video, update, status, speech, blog, article, audio, or similar) is legal or professional advice. Information should not be construed as legal advice or legal opinion on any specific facts or circumstances. The content is intended for general informational purposes only. You are urged to consult your own attorney on any specific legal questions concerning your situation.

No Comments Yet.

Leave a Reply