Understanding the Anatomy of Data Breaches Industry-by-Industry

By Anthony Freed | October 24, 2012

Posted in: Network Security Trends

Every industry vertical is faced with the prospect that sensitive data can and will be stolen, and each sector faces unique challenges when it comes to protecting information critical to its long-term viability, according to a series of newly released reports that examine the anatomy of data breaches on a granular basis for several major industry sectors.

The reports are snapshots based on data from the more generalized 2011 and 2012 Data Breach Investigation Reports, and offer an in-depth look at the various methods of attack and their impact on the healthcare, retail, hospitality, and financial services sectors, as well as examining specific threats to intellectual property across all industries.

“Understanding what happens when a data breach occurs is critical to proactive prevention. Through our more targeted analysis, we are hoping to provide answers to businesses around the globe that want to protect not only their data but their reputation,” said Wade Baker of Verizon's RISK team in a press release.

Key findings for the financial services and insurance industries indicate that their high-value nature makes this sector more prone to targeted attacks that are methodical in their makeup. Attackers are generally seeking to misappropriate cash, either directly by engaging in fraudulent transactions from financial accounts, or indirectly by what the reports term "downstream fraud". The researchers found that ATMs represent a primary target for criminal activity, as does the compromise of account credentials through the exploitation of insecure network applications.

For the healthcare sector, the primary targets are small to medium-sized organizations, and the majority of breaches occur in the point-of-sale (POS) systems, where organized criminal gangs are after payment data like credit card information, or are seeking personally identifiable information contained in electronic medical records, which can be used for identity theft.

The retail sector is also a favorite for the theft of payment information, and similarly the POS systems are the weak link, as criminals focus on targeting weak authentication credentials and often use vulnerabilities in remote access technologies. "The most vulnerable are franchises and other small and medium-size businesses, which often lack in-house resources and expertise to manage their own security. Consequently, these businesses often rely on ill-equipped third-party vendors," the report notes.

The hospitality industry, which includes restaurants and hotels, has suffered the largest number of breaches according to the reports, and again the POS systems are the most vulnerable avenues of exploitation by criminals.

In addition to these industry verticals, the reports also take a look specifically at threats to intellectual property (IP), which represents the crown jewels of any enterprise. The loss of this data can undermine a company's competitive stance and threaten its long-term viability. The reports reveal that while it may only take a few hours for an attacker to exfiltrate this valuable data, it usually takes years for the theft to be discovered.

The researchers also found that almost half of all instances of IP loss involved assistance from a trusted insider, with two-thirds of those being employees, though the insider threat can take many forms.

"Insider threats are a serious problem. They can include employees as well as vendors who perform work for the company in overseas countries. They also include IP losses due to legitimate reasons such as technology transfer that occurs when a multinational corporation hires foreign engineers who work for the company for two years and then leave to join a local company where they apply the product knowledge that they learned at their previous employer. And none of these threat vectors require a single piece of malware to exploit," said security expert Jeffrey Carr of Taia Global.

The reports note that regardless of industry vertical, methods employed for committing IP theft tend to be varied - from hacking and the use of malware, to social engineering and misuse of access. The reports also indicate that the attackers tend to be very tenacious, trying multiple combinations of tactics until they are successful.

The snapshot reports for each industry sector as well as the special report on IP theft are available for review here.
