Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/30/2019
06:15 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Database Leaks, Network Traffic Top Data Exfiltration Methods

Intellectual property and personally identifiable information tie for the type of data IT practitioners are worried about losing.

Today's IT and security pros are no strangers to data theft: 61% have experienced a data breach at their current company; 48% at a previous company. On average, each has dealt with six.

Researchers surveyed 700 IT and security professionals as part of McAfee's new report "Grand Theft Data II: The Drivers and Shifting State of Data Breaches." They found data breaches are more severe and under greater scrutiny, with 73% requiring public disclosure or affecting organizations' financial results over the past three years – up five points from 2015, they report.

There are multiple factors contributing to the rise in disclosures, says Candace Worley, chief technical strategist at McAfee. One is the rise of regulation like the European Union's General Data Protection Regulation (GDPR), which imposes a fine of €20 million or 4% of worldwide annual revenue for noncompliance of its rules, which include failure to report data breaches.

"That's not something anybody takes lightly," says Worley, who also points to larger, more advanced breaches as a driver of the trend. "We see very complex, very sophisticated attacks and campaigns affecting organizations," she adds. It can take companies a longer amount of time to detect a breach; the longer an attacker is on a network, the more data they can take.

GDPR is also the reason businesses are more concerned about theft of intellectual property (IP), which for the first time tied with personally identifiable information (PII) as the data categories with the highest potential impact, as indicated by 43% of respondents. IP theft is of even greater concern among Asia-Pacific countries, where 51% deemed it highest potential impact.

"It's obviously a very competitive global market," says Worley. "There are various players out there in the space that target IP. I think that's an increasing concern for companies."

PII is historically a major target for cybercriminals because it's easily monetized on the Dark Web, she continues. But there's "a mix of different players" who may go after IP, including nation-state attackers who are less interested in money and more curious about the data itself.

Exfiltration Tactics

The most common means for stealing data depend on who is taking it and where they're taking it from. Database leaks (38%), network traffic (37%), file shares (36%), and corporate email (36%) are most popular overall. Corporate email is top in North America; USB drives are the number-one exfiltration vector in Europe and APAC. Email is most common with insider threats.

"Databases are typically where the crown jewels of an organization are kept," says Worley. Having strong controls around your database, especially with respect to who is accessing it, is imperative when considering the value of information stored in a corporate database.

Who is taking the data? External attackers (hackers, malware authors, organized crime, nation-states, activitists) are behind 61% of data theft instances, up from 57% in 2015. The biggest change was in malware-driven theft, which reached 29%, up from 23% three years prior.

There are also inside actors (employees, contractors, and other parties) whose access can put an organization at risk. Employee-driven breaches make up nearly 60% of internal incidents. Accidental breaches increased by four points (27% to 31%) in the past three years while intentional theft dropped six points (30% to 24%).

Researchers found IT or security departments are involved with 52% of all data leakage; business ops fell second at 29%.

Cloudy Concerns

Cloud applications and infrastructure are broadly deployed but don't appear to cause any more breaches than traditional networks and data centers. Nearly half (46%) of organizations polled use a hybrid cloud approach to data storage, and 29% are cloud-only. About two-thirds of breaches occurred on traditional networks, respondents said, and one-third were in the cloud.

While cloud "is not quite the wild wild west anymore," as Worley puts it, there are still myriad factors to consider when moving to cloud. She points to the shared responsibility model as an example. "That's an area where there's just still a lot of moving parts for organizations as they try to contemplate how their security program needs to change as they move to the cloud," she adds. Whether they're managing IaaS or SaaS, they need to determine how to configure their environments in a secure way.

Related Content:

 

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6852
PUBLISHED: 2019-11-20
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions), which could cause the disclosure of FTP har...
CVE-2019-6853
PUBLISHED: 2019-11-20
A CWE-79: Failure to Preserve Web Page Structure vulnerability exists in Andover Continuum (models 9680, 5740 and 5720, bCX4040, bCX9640, 9900, 9940, 9924 and 9702) , which could enable a successful Cross-site Scripting (XSS attack) when using the products web server.
CVE-2013-2092
PUBLISHED: 2019-11-20
Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php.
CVE-2013-2093
PUBLISHED: 2019-11-20
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.
CVE-2015-3166
PUBLISHED: 2019-11-20
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as d...