Menu

Cyber espionage the cause for most companies security breaches

A report by Verizon indicates that most security breaches against companies are cyber espionage with the intention to steal valuable company secrets.

Gregory Hale, ISSSource
06/23/2017

Insider threat, outside threat, malware, ransomware, terrorist, nation state attack, advanced persistent threat, distributed denial of service (DDoS), denial of service (DoS), phishing, or cyber espionage. 

While all are potential threats to any manufacturing enterprise, it appears cyber espionage is by far the most predominant pattern associated with breaches in manufacturing, according to the Verizon 2017 Data Breach Investigations Report (DBIR). While ransomware has been gaining traction throughout the industry over the past six months or so, the Verizon report said for manufacturers, "it is a safe bet that you worry quite a bit about hanging on to secrets. A whopping 90% of data stolen in Manufacturing was of the 'secrets' variety."

For a manufacturer, the intellectual property it possesses, whether it is a secret recipe, a creative new concept or a less expensive way to make a widget, makes a tempting target for thieves. Unlike the more run of the mill, "grab-the-loot-and-scram" attacks seen in other verticals, espionage attacks are typically aimed at more long-term results, the report said. "The criminals want to infiltrate the network, find out where the secrets are kept, and then sit and slowly siphon off the nectar for as long as they can," the report said.

Varieties of data breached within the manufacturing industry. Courtesy: ISSSource/DBIR reportIn this report, Verizon recorded 620 incidents, with 124 confirmed data disclosures. The top three patterns they found were cyber espionage, privilege misuse and a category they labeled "everything else" represent 96% of breaches within manufacturing. Other categories they found were miscellaneous errors, crimeware and physical theft and loss.

Gains in strategic advantage via espionage-related actions comprise the majority of breaches within this industry. Most are conducted by state-affiliated actors, but instances of internal espionage pilfering trade secrets are present as well. With attacks getting more sophisticated, hackers really don't focus on breaking into the intended target, rather the bad guy will go in through the front door via a phishing attack that contains a malicious link or attachment. That works because, let's face it, someone in a company will click on any kind of link sent via email. Then malware ends up installed and it creates a backdoor or C2, and the bad guys return at their leisure to footprint the network and take what they need. In fact, the social and malware combination occurred in 73% of breaches Verizon recorded in the manufacturing sector.

When state-affiliated actors are involved, their operations are targeted attacks, rather than opportunistic, the report said. In other words, the criminals are coming directly for a particular organization with a specific purpose in mind.

The next most common incident pattern, privilege misuse, (while only a very small sample size) is in some ways akin to the external espionage breaches discussed above. It often occurs when a disgruntled employee is tired of being kept down by "the man" and sets off to make their fortune elsewhere - but wants to take as much data as possible with them.

The following are tips Verizon suggested to avoid an attack:

Gregory Hale is editor and founder at ISSSource. He has over 25 years in the publishing industry. This article originally appeared on ISSSource.com. ISSSource is a CFE Media content partner. Edited by Carly Marchal, content specialist, CFE Media, cmarchal(at)cfemedia.com.

ONLINE extra

See more articles from ISSSource below. 

Related News
 Closing the loop on safety - 21.07.2017 00:03
 Develop safety through security - 29.04.2017 00:03
 IIoT security a major concern, according to survey - 25.04.2017 13:00
 Designing security for robots - 18.04.2017 13:00
 Fighting advanced DDoS attacks - 13.03.2017 13:00
 Industrial security threats to watch out for in 2017 - 08.03.2017 13:00
 Cybersecurity framework updated - 04.03.2017 13:00

Channels

Products

Visit Our Sites

Contact Us

Settings

Close Home
click me