The world’s networks are under constant, relentless attack, including – perhaps especially – the networks of service providers. Service providers are not only targets themselves, but since they provide the network infrastructure for so many other companies, they are doubly in peril.
There were 1,367 confirmed breaches of security reported by all types of companies around the world last year, according to Verizon’s 2014 Data Breach Investigations Report (DBIR), and a total of 63,437 security incidents, far more than in 2012.
If there’s any good news in the increase, it’s that it comes from a vastly expanded data set. While the number of security breaches has assuredly risen, the 2014 numbers only appear to be greatly inflated because there are literally dozens more organizations that began sharing their data with Verizon researchers last year.
Last year, retailers were notable targets (Target, Nordstrom, Harbor Freight, some regional supermarket chains), Edward Snowden released proof that the NSA was spying on nearly everyone, including Americans, and China solidified its reputation for cyberwarfare, largely for competitive economic gain, according to U.S. sources.
All of that notwithstanding, Verizon said, attacks motivated by financial gain are trending down, while espionage is trending up.
Araceli Gomes, Verizon’s manager of cybersecurity solutions engineering, said Verizon and its partners providing data for its DBIR are certain that they can attribute specific incidents to espionage. “We can do advanced case linkage,” she said. “Incidents that don’t seem linked, when we follow them back, it turns out that they are.
“This isn’t FUD,” – fear, uncertainty, and doubt – she continued. “There are global, international reasons at play.”
MSOs, satellite distributors, TV broadcasters, film studios and other concerns fall in the “Information” industry category, which has experienced more attacks than any other industry sector (“Public” refers to government agencies), even more than finance.
Verizon shows that 92 percent of all incidents fall into only 9 categories:
- Point of sale (POS) Intrusions
- Web App Attacks
- Insider misuse
- Physical theft/loss
- Miscellaneous errors
- Crimeware
- Card skimmers
- Denial of Service (DoS) attacks
- Cyber espionage
Gomes said Information companies tend to be subjected to insider misuse, crimeware, and DoS.
Insider misuse is often unintentional and “not nefarious,” she said. Examples might include a disgruntled employee selling data, or simple accidents. “That’s very relevant to telecom,” she said. “With the free flow of information, security can occasionally go by the wayside.”
Crimeware could be almost anything done for criminal financial gain. Examples might include the use of spyware, botnets or phishing schemes.
Verizon has been watching DoS activity, but hadn't included it in the DBIR, because it had been arguable whether it was a classic security issue. That argument seems to be settled in the affirmative now. DoS has been on the rise, especially against banks and retailers. “DoS is usually attributable to fun or ideology,” Gomes said. “Fun” meaning people doing something just to do it, “ideology” meaning exactly what it says – think of the group Anonymous retaliating against companies the group’s members feel have misbehaved, or a group called Izz ad-Din al-Qassam Cyber Fighters (QCF), which attacked U.S. banks as retaliation for a video that kept popping up on YouTube which the group felt was disparaging to Muslims.
The upshot, though, is that DoS attacks are getting bigger in terms of the two key measures for this sort of thing: bandwidth and packet rate.
The DBIR looks at all the types of attacks, and offers suggestions for countermeasures. The report can be downloaded for free.
If there’s a silver lining in the security-incident cloud, it’s that telecom companies are able to take what they learn securing their own networks and systems and turn around and monetize that, by providing security services to their customers. “The things that Verizon does to protect itself, we put some of those things at the service of our customers,” Gomes said.
While the financial industry has a formal organization that members have created to deal with common security issues, the telecom/Information industry has no such thing. On the other hand, Gomes said, telecom companies cannot solve network problems on their own – they are, after all, part of a network. Telecom companies tend to work with each other informally to chase down and resolve security issues.
That’s good news, perhaps, but the bad news is that overall, perpetrators are becoming more savvy and can usually do whatever they do in a matter of days, while their victims tend not to detect a problem for weeks, months, or longer – and the gap between perpetration and detection is getting wider.