Learn what the threats are and how to protect yourself.
2) Web application attacks
Industries affected: Information, utilities, manufacturing and retail
Attacks through web applications can take many forms, making them difficult to defend against. As reported on CBR, two out of three web app attacks are carried out in the name of ideology or amusement, with financial gain accounting for most of the remainder.
Using web apps for financial gain often takes the form of phishing, malware installation and brute force (password guessing), according to Verizon. A rarer tactic is SQL injection, in which commands are passed to the database in order to obtain the desired data. As with point-of-sale attacks, those which could be attributed were linked to Eastern Europe.
Ideological attacks tended to focus on content management systems (CMSs) such as WordPress or Drupal, often targeting plug-ins rather than core code. Through this method websites were often defaced without more serious damage taking place.
What to do: Companies are encouraged by Verizon to find methods of authentication other than single passwords. Given the vulnerability of CMSs, it may be prudent to move to static frameworks, which pre-generate content rather than responding to each query.
Develop a manual patching process if an automated one is unavailable. Proactively seeking vulnerabilities, creating lockout policies to deter brute force attacks (in which hackers try to guess passwords) and monitoring outbound connections are also advised by Verizon.
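To make the lockout advice concrete, here is a per-account sliding-window lockout policy replayed over constructed login events. This is an added example, not code from Verizon or CBR; the thresholds, class and function names, and sample accounts are all assumptions.

```python
from collections import defaultdict, deque

# Assumed policy values for illustration; the article does not specify any.
MAX_FAILURES = 5        # failed attempts allowed inside the window
WINDOW_SECONDS = 300    # sliding window for counting failures
LOCKOUT_SECONDS = 900   # how long the account stays locked


class LockoutPolicy:
    """Per-account sliding-window lockout for password logins (hypothetical)."""

    def __init__(self):
        self._failures = defaultdict(deque)  # account -> failure timestamps
        self._locked_until = {}              # account -> unlock time

    def record_attempt(self, account, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self._locked_until.get(account, 0) > now:
            # Reject before looking at the password: a correct guess made
            # during the lockout must not succeed.
            return "locked"
        failures = self._failures[account]
        if password_ok:
            failures.clear()
            return "ok"
        failures.append(now)
        # Drop failures that have aged out of the window.
        while failures and failures[0] <= now - WINDOW_SECONDS:
            failures.popleft()
        if len(failures) >= MAX_FAILURES:
            self._locked_until[account] = now + LOCKOUT_SECONDS
            failures.clear()
            return "locked"
        return "failed"


def replay(events):
    """Run constructed (timestamp, account, password_ok) events through the policy."""
    policy = LockoutPolicy()
    return [policy.record_attempt(acct, ok, ts) for ts, acct, ok in events]


# Constructed sample: six quick guesses against 'alice', a correct password
# during the lockout, an unrelated user, then 'alice' again after expiry.
SAMPLE_EVENTS = [(t, "alice", False) for t in range(0, 60, 10)]
SAMPLE_EVENTS += [(120, "alice", True), (130, "bob", True), (1000, "alice", True)]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

Because the counter is keyed on the account alone, anyone who knows a username can lock that account out, so a policy like this is normally paired with per-source throttling and alerting.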
3) Insider misuse
Industries affected: Public, real estate, admin, transport, manufacturing and mining
This category covers any abuse of an organisation’s resources by a trusted user, typically for personal or financial gain. In 2013 Verizon saw a move towards accessing trade secrets and internal data, but they do not believe misuse as a whole has increased. A memorable example of this would be the activity of Edward Snowden.
Organisations must place a certain amount of trust in employees in order to enable them to do their jobs, but doing so opens their systems to misuse. Verizon say this can be as basic as writing down credit card information on a piece of paper or as complex as installing malware such as keyloggers. It can be done remotely, via a local network or physically.
What to do: Maintaining basic controls over who has access to data is an obvious place to start, including disabling accounts of former employees. Companies should be wary of data being taken out of the organisation (exfiltration), and carry out regular anonymised access audits to deter potential abusers.