75% of Breaches Financially Motivated, 20% Are Espionage
(Page 2 of 2)
"We see the level of sophistication and organization rapidly increasing, and for the most part, are unable to cope with the emerging threat they pose. What worries corporations and governmental entities is the level of risk offered by state-sponsored groups," Pickering said.
"They have resources and skills to pull off large-scale IP theft, which first gained public media attention though the Aurora hack in 2009. And that threat hasn't lessened over time. If anything, it's more prevalent. It also shows us that companies with intellectual property have a lot to lose. We're not just seeing fraud attacks anymore, but skilled exfiltration of this country's corporate secrets."
Jim Butterworth, chief security officer at HBGary, is not surprised that the number of incidents is going up. He told us people are still using antiquated indicators or signature-based solutions to find tomorrow's threat.
"The attackers are creating malware using custom code that can't be detected by IOCs or anti-virus," Butterworth told us. "Targeted attacks are not like a computer virus that can be handled like a cyber-housekeeping duty. Instead, organizations need to invest in technology, people and processes to respond quickly to these types of threats."
A Sobering State of the Union
We also spoke with Ori Eisen, founder, chairman and CIO of 41st Parameter, about the study. He said the report is sobering and reflects the state of the union.
"It manifests the prediction that in due time, the network itself will become the weakest link, based on the core technology it is built on, namely, the TCP/IP protocol," Eisen said. "When the Internet began in the mid-'90s, budding e-commerce players jumped in. There was a period of trepidation and wait-and-see attitude in corporations to see if this was a fad or a trend."
Eisen said we've all since jumped in -- and the warnings of 20 years about security and what could happen have been lost in the shuffle. As he sees it, the 2013 report is a reminder that without ample security layers on top of the inherently insecure TCP/IP protocol -- any online estate is exposed.
What's more, he said, the scale and growth of DDoS and other breaches tells us that there is a need for a more secure network, which will have a different underpinning -- this time, with security built-in from the ground up.
"Until then, executives who read the report should ask themselves if they have fortified their online estate to the maximum possible, given the state-of-the-art tools that are commercially available," Eisen said. "These include a security and fraud detection system that detects the four main touch points of the digital consumer journey: account opening/registration, account log-in/authentication, account takeover, and transactional anomaly detection.
"With device intelligence and a layered fraud solution even when credentials are breached, their customers remain protected."