Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

11/11/2015
04:45 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Federal Government Most Prone To Repeat Breaches

It isn't just the White House that gets compromised more than once. Also, in a shifting trend, malicious insider attacks don't cut quite as deep as outsiders' do, report finds.

After a data breach, some organizations get up and redouble their defenses, while others get kicked while their down, again and again. Government agencies seem to be most prone to those relentless beatings, according to a report by Risk Based Security (RBS) that will be released Thursday.

According to the study, 99 organizations have been hit by multiple data breaches in 2015 alone (one as many as a dozen times), and 21 of them were in government.

By Risk Based Security's count, over the 10 years they've been collecting breach data, 1,400 organizations have had their records exposed on several occasions. On their list of the Top 10 "Most Breached Organizations of All Time," six are government entities: the U.S. Office of Veteran's Affairs (39 incidents), the U.S. Postal Service (25), the United Kingdom's Ministry of Defense (18), the U.S. Department of Defense (17), the U.S. Army (16), and the Internal Revenue Service (16).

Credit data company Experian holds the unfortunate title of most-breached, with 56 incidents.

The researchers also call out the U.S. Office of Personnel Management, which suffered one of the worst incidents of 2015. This year's breach exposed personal data on 21.5 million current and former federal employees, contractors, job candidates, and employees' relatives. It exposed data from background checks, Social Security numbers, residency history, employment history, family, health, financial history, and 5.6 million fingerprints. But that wasn't the only blemish on OPM's security record. OPM's network was broken into in March 2014, and more data was exposed after credentials had been lifted from a third party. 

Why is government hit so often? Jake Kouns, CISO of RBS, attributes a variety a variety of factors. It's "where the juicy information is right now," the scale of the agencies' environments and assets is "massive," and they have countless vacancies in security positions. "Whether you believe that nation-states are always targeting them or not," he says, "there's some fire where there's smoke."

Government breaches are also, on average, bigger. Government accounted for only 12.3% of incidents, but 23.5% of exposed records -- 232,956 records per incident. Federal agencies were the worst offenders.

Therefore, it's no surprise that when broken down by state (counting the District of Columbia as a state), D.C. claimed the number 2 spot on the list of the sources of most exposed records in the United States. The only state responsible for more exposed records was Indiana, home to the corporate headquarters of Anthem Blue Cross Blue Shield, victim of 2015's largest breach.

"Most government organizations do have a lot of data, so when they have a breach it's going to be catastrophic," Kouns says. 

According to the study, 99 organizations have been hit by multiple data breaches in 2015 alone (one as many as a dozen times), and 21 of them were in government.

Overall, across all sectors, hacking was responsible for 66.3% of breach incidents, and 83.2% of exposed records. Outside attackers committed 78.5% of incidents, accounting for 82.9% of exposed records. Meanwhile, malicious insiders committed 7.3% of incidents, accounting for only 1.0% of records.

The fact that hacking and outsiders are not only the source of the most attacks but the most damaging attacks is noteworthy. It's a shift that Kouns says began began a couple years ago and has accelerated. Once upon a time, there might be loads of outside hackers trying to bang away at your network, but the severe attack would come from "the trusted insider" with malicious intentions. Now the reverse is true.

In the first nine months of 2015, 3006 incidents have been reported, exposing 366 million records. Although that's far fewer records than 2014 numbers, it's more incidents in a nine-month time frame than RBS has ever seen in the 10 years they've been collecting this data.

 

The good news is that most breaches are quite small. Forty percent expose only 100 records or less. 

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17475
PUBLISHED: 2020-08-14
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
CVE-2020-0255
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-14353
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-17464
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-17473
PUBLISHED: 2020-08-14
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.