Breach case studies offer cybersecurity guidance, reassurance for businesses

A growing number of cybersecurity exemplars is painting a cautionary tale for every business

Australian businesses have traditionally kept mum about the circumstances and repercussions of data breaches, but better threat-intelligence services and a growing culture of sharing are building a library of best-practice case studies that put substance behind otherwise vague warnings about cybersecurity breaches.

Verizon’s 2017 Data Breach Digest (DBD), the latest iteration of the offshoot of the firm’s annual Data Breach Investigations Report (DBIR), draws out narratives around 16 different cybersecurity breaches that were reported to the firm in the course of its investigative work.

The compromises detailed within the 100-page report are grouped into four broad categories: The Human Element, Conduit Devices, Configuration Exploitation, and Malicious Software. With scenario titles ranging from ‘the Panda Monium’ and ‘Hot Tamale’ to ‘Fetid Cheez’ and ‘Absolute Zero’, this year’s report has expanded its focus beyond technical staff to address the perspectives of business stakeholders and customers as well.

Efforts to not only share information about past breaches, but to do so in an open and engaging way, are helping to demystify cybersecurity and break down the barriers behind which many victims have traditionally hidden, Ashish Thapar, managing principal for investigative response within Verizon Enterprise Solutions, told CSO Australia.

Such breaches “are not really the remit of just IT anymore,” he explained. “A lot of times when these things happen, people can think they’re the only people that have ever experienced this kind of thing.”

“Reading the scenarios does make people feel a little better, and we are trying to remove the fear so organisations can really get expert advice and be better informed. The report will ignite conversations in every organisation where information security steering committees, who may only have looked at policy developments, may actually start talking about executive situations.”

Verizon this month opened its Asia-Pacific Advanced Security Operations Centre in Australia, adding to the nine other such facilities it operates around the world in support of its cybersecurity consulting business.

Yet Verizon is not the only firm working to humanise the face of cybersecurity compromises. SecureWorks also recently weighed in with a series of breach case studies published in its 2017 Cybersecurity Threat Insights Report Leaders: Partnering to Fight Cybercrime – with an upcoming companion webinar set to air on 9 March – which draws on the 163 incident response engagements handled by the firm’s Counter Threat Unit (CTU) during the first half of 2016.

“The focus on victims here means that we’re seeing firsthand what threats are having a very real impact,” the report’s authors note. “This also means that we get to observe what security operations — people, process and technology — organizations have in place and provide guidance that will actually resolve the issues these organizations face.”

One profiled manufacturer, for example, called in the CTU team to investigate a virus outbreak and was stunned to discover a range of other malware infections that had compromised over 50 percent of its endpoints, including banking Trojans, Bitcoin-mining malware, and remote-access Trojans that had been sent to C-level executives.

Forensic analysis led the SecureWorks team to identify three core problems: the prevalence of uncontrolled administrative privileges; the ongoing use of Windows XP on “a large number of servers”; and limited capability to respond to an attack.

“All of these oversights had to do with the fundamental security hygiene in place,” the report’s authors warned. “Even with security technology, an insufficient emphasis on security fundamentals had left its network exposed and vulnerable.”
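The two hygiene failures named above (standing local administrator rights spread across many machines, and out-of-support operating systems still in service) compound each other: an account that is local admin on an unpatchable Windows XP server and also on current servers and executive workstations is a ready-made lateral-movement path once that one box is compromised. The script below is an added example, not code from the SecureWorks report or from CSO Australia; it runs a simple audit over a constructed host inventory (the hostnames, account names and OS strings are assumptions) and reports unsupported hosts, accounts with standing admin on more than one host, and accounts whose admin footprint bridges an unsupported host to the rest of the estate. In practice the inventory would be populated from Active Directory and local group enumeration rather than hard-coded.

```python
"""Endpoint hygiene audit: unsupported OS versions and sprawling local admin rights.

Added example with a constructed inventory; nothing here is data from the report.
"""
from collections import defaultdict

# Constructed sample inventory (assumption): one record per host, with the
# members of its local Administrators group as collected by an inventory tool.
INVENTORY = [
    {"host": "srv-file01", "os": "Windows XP Professional",
     "local_admins": ["CORP\\Domain Admins", "CORP\\jsmith", "CORP\\svc-backup"]},
    {"host": "srv-db01", "os": "Windows Server 2012 R2",
     "local_admins": ["CORP\\Domain Admins", "CORP\\jsmith", "CORP\\svc-backup"]},
    {"host": "srv-app01", "os": "Windows Server 2016",
     "local_admins": ["CORP\\Domain Admins", "CORP\\jsmith"]},
    {"host": "wks-ceo", "os": "Windows 10 Enterprise",
     "local_admins": ["CORP\\Domain Admins", "CORP\\ceo", "CORP\\jsmith"]},
    {"host": "wks-hr02", "os": "Windows 7 Professional",
     "local_admins": ["CORP\\Domain Admins", "CORP\\hr02user"]},
]

# OS name prefixes the organisation treats as out of vendor support (assumption;
# maintain this list from the vendor's published lifecycle dates).
UNSUPPORTED_OS = ("Windows XP", "Windows Server 2003")

# Groups that are expected to hold local admin on every domain member; anything
# else with standing admin across many hosts is what we want to surface.
EXPECTED_ADMIN_GROUPS = {"CORP\\Domain Admins"}


def unsupported_hosts(inventory, unsupported=UNSUPPORTED_OS):
    """Hosts whose OS string starts with one of the unsupported prefixes."""
    return sorted(h["host"] for h in inventory if h["os"].startswith(unsupported))


def admin_footprint(inventory):
    """Map each account or group to the sorted list of hosts where it is local admin."""
    footprint = defaultdict(set)
    for h in inventory:
        for account in h["local_admins"]:
            footprint[account].add(h["host"])
    return {account: sorted(hosts) for account, hosts in footprint.items()}


def overprivileged_accounts(inventory, max_hosts=1, expected=EXPECTED_ADMIN_GROUPS):
    """Accounts (not expected groups) holding local admin on more than max_hosts hosts."""
    return {account: hosts
            for account, hosts in admin_footprint(inventory).items()
            if account not in expected and len(hosts) > max_hosts}


def lateral_exposure(inventory, expected=EXPECTED_ADMIN_GROUPS):
    """Accounts that are local admin on an unsupported host AND on other hosts.

    Credentials cached or dumped on the unsupported host give an intruder admin
    on every other host listed here, so the value is the set of hosts reachable
    from the weak one.
    """
    weak = set(unsupported_hosts(inventory))
    exposure = {}
    for account, hosts in admin_footprint(inventory).items():
        if account in expected:
            continue
        onward = [h for h in hosts if h not in weak]
        if weak.intersection(hosts) and onward:
            exposure[account] = onward
    return exposure


def audit(inventory):
    """Bundle the three checks into one report dictionary."""
    return {
        "unsupported_hosts": unsupported_hosts(inventory),
        "overprivileged": overprivileged_accounts(inventory),
        "lateral_exposure": lateral_exposure(inventory),
    }


if __name__ == "__main__":
    report = audit(INVENTORY)
    print("Unsupported hosts:", ", ".join(report["unsupported_hosts"]) or "none")
    for account, hosts in sorted(report["overprivileged"].items()):
        print(f"Standing admin on {len(hosts)} hosts: {account} -> {', '.join(hosts)}")
    for account, hosts in sorted(report["lateral_exposure"].items()):
        print(f"Exposed via unsupported host: {account} -> {', '.join(hosts)}")
```

The `max_hosts` threshold is deliberately low: the goal of the check is to find standing local admin that should be replaced by a just-in-time or tiered model, and in the constructed data `jsmith` (admin on an XP server, two current servers and the CEO's workstation) is exactly the kind of account the SecureWorks findings describe.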

Improving visibility of organisational security posture is critical to resolving problems of this kind, and growing use of threat-intelligence services is providing the necessary insight for service providers and business users alike. The SafeNet Breach Level Index, for one, maintains a running list of reported data breaches that offers rich insight into the real extent of the cybersecurity threat.