Verizon’s annual data breach investigations report has just been released and it has a number of interesting findings. Firstly, the number of attacks from external actors has decreased by around 15%. This means that even though the actual number of internal actors has stayed roughly the same, their proportion has increased by 12% in comparison.
Secondly, there is the rise of ransomware, which sat at 22nd in the list of common malware in 2014 and is now at 5th. The idea of ransomware is that somebody gains access to important files and encrypts them, making them unusable unless a company is willing to pay for the encryption to be taken off.
However, the most important element of the report is that humans remain far and away the weakest link in data security measures. It is something that cyber criminals have picked up on too, with the report finding that the emails sent containing malware are ‘often targeted at specific job functions such as HR and accounting, whose employees are most likely to open attachments or click links - or even specific individuals.’
Ninety-nine percent of malware is sent by either email or web server, both of which should have some kind of human gateway involved. The issues come from the fact that these human gateways are often found lacking.
People often have a romantic view of hackers as a group of computer geniuses who can somehow get through the most complex security systems by using a series of complicated codes in a mysterious language, but the reality is quite different. Most hacks are not some kind of secret back-door insecurity masterfully exploited. Rather, most employ a scattergun approach, with millions of emails sent to millions of people to try to get the less security-savvy to hand over their details or install malicious software. This isn’t some complex system either. Often it can be something as simple as pretending to be somebody’s boss or sending an email made to look like it’s from a service provider.
The problem is that this is more to do with social engineering and manipulation than anything to do with complicated technology, and unfortunately being conned and manipulated is something that humans have always been adept at. It appears that the bulk of data loss can be avoided through effective training to help employees know when they’re being tricked, but even then all it takes is somebody not thinking about what they’re clicking on to potentially cause a breach. It may not even be an unconscious reason for a breach, as the report says that 81% of all breaches were due to stolen or weak passwords, which is as much about people not updating their passwords or setting difficult ones in the first place.
However, the report wasn’t all bad news, and one of the really positive elements is that although there is still a huge amount of data being lost, several security initiatives seem to be working.
Part of this may come from the fact that 88% of breaches fall into the nine patterns identified in the 2014 version of the report. It means that combatting them has become considerably easier, as security companies know the basic pattern that hackers are likely to take, making it simpler to stop them from doing it. For instance, there has been a decrease in password-stealing botnets and opportunistic point-of-sale intrusions, perhaps due to this additional knowledge.
Ultimately, knowledge is what’s going to help prevent further security breaches, and this is an area that is showing some really positive signs. One of the big ones is the growing realization that data sharing is incredibly powerful. This has led to increased co-operation between companies and security services, allowing both to flag new issues and quickly spread word of them across a huge number of companies, allowing the overall threat to be nullified.
One of these initiatives is nomoreransom.org, which hosts 27 decryption tools which can decrypt most files locked through ransomware. As more files are locked by ransomware and analyzed by these programmes, they can unlock an increasing number of similarly locked files. It essentially means that as soon as an approach is used once, if the victim reports it, every person in the world could potentially find out how to fix it.
The report is certainly eye-opening and shows that there are still a wide variety of threats to data security, but the weakness that is most commonly exploited is the same one that has been exploited since long before computers were even invented - human behaviour.