Today, we live in a far more technologically advanced world than we did a decade ago. Broadband speeds have increased five-fold, and every business and individual has an online presence. A good example is the rise of cloud technology, which is considered to be the future of cybersecurity. Because of the convenience of storing and sharing data via a cloud server, many businesses adopt cloud technology without considering its security until they are hit by a breach. Overall, the expansion of cyberspace is driving the need for cybersecurity. Christopher Novak, Global Director, Verizon Threat Research Advisory Center, in his exclusive webinar with EC-Council University via the ‘CyberTalks’ series, addressed the growth of cybersecurity and the journey it has undergone in the past and present, and what is expected for the future.
Novak introduced ‘VTRAC’ from Verizon, where he focuses on helping customers with digital forensics, breach investigations, incident response, and threat intelligence, which the team does on a global basis for organizations of all shapes, sizes, and industries. He explains that his role is not just investigating breaches; it is also about understanding the broader landscape and how they may be able to help from a cyber defense posture. Novak discusses the breadth of cybersecurity and its enormous potential in the coming years.
Data Breach Investigation
Novak talks specifically about the first report, the data breach investigations report, as he finds it the best perspective for reflecting the past, present, and future of cybersecurity. The data breach investigations report is now in its 12th year of publication, draws on data from 86 countries, and is based on 73 contributing organizations. The publication lists 41,686 security incidents and 2,013 data breaches.
“The report is not just Verizon’s view, there are 73 contributors in total that help us put this report together, and the reason is we don’t want to be biased in the report, or at least we want to remove as much bias as we can by getting other organizations to contribute their data and their analytics and their perspective on what the landscape looks like from different angles,” Novak commented. He also explained that the report is a fair representation of the data and does not concentrate on a particular country or region.
Referring to the initial challenges, Novak pointed out that big data was a challenge, and it was almost painful to figure out what to talk about and how to categorize it. He and his team then followed the method that scientists typically follow to analyze DNA. He treated breaches as diseases and, therefore, used the technique of decompiling or disassembling the data into categories or genres.
The report counts an ‘incident’ when something trips an alarm and requires some kind of review or investigation, whereas a ‘breach’ in the report is a situation where, after some level of investigation, the company confirms that there was an exposure of, or impact to, the confidentiality or integrity of some form of sensitive or valuable data. This differentiation makes the valuation of the data interesting. According to the chart, 98.5% of the security incidents and 88% of the confirmed breaches have continued to fall into the defined categories since 2014.
Why are c-level executives targeted?
In this year’s report, there is significant growth in social breaches targeting c-level executives, which was not the case earlier. This year, senior executives were targeted 12 times more than others for social incidents and nine times more by social breaches than in previous years. The majority of cyber crime was performed with a financial motive, which appeared to be the driving factor for the attackers. Explaining why c-level executives have been more heavily targeted, Christopher Novak says that it is their influence, authority, and decision-making power over sensitive information that attracts the attackers.
Is cloud not secure?
While talking about the types of breaches, Novak identified a shift in attacker behavior towards more cloud-based services. However, the increased number of cloud breaches does not mean that the cloud itself is susceptible or riskier. Instead, Novak pointed out that this rise is due to the ignorance and negligence of users when adopting security practices. Failing to implement multi-factor authentication and ignoring phishing attempts lead to email account compromise, which accounts for a significant percentage of cloud-based attacks.
Example of a financially motivated social engineering attack:
The attack targets ‘Mr. John’, who works as an accountant at ABC Company.com. He receives a fake email from the attacker describing a late payment and requesting that John process it. Without checking the authenticity of the email, John goes to the website and logs in; the threat actor was savvy enough to have the page say, “go ahead and log in with whatever email password you have. We accept all of them.” When John enters his login credentials, they are recorded in the attacker’s database and used to log in to his official email account. The accountant has specific access to things like moving money and making wire transfers, and the threat actor gained access to all of them.
The attacker bought a fake website whose address and email domain are similar to those of ABC Company.com. The threat actor can now quickly transact with ABC Company clients, and unless someone notices, the fraud is not identifiable.
The threat actor then creates another fake email address, [email protected], which looks like the original CFO’s email address. Next, the threat actor creates counterfeit invoices resembling the genuine ones collected from Mr. John’s email account. For example, the threat actor prepares two invoices for $395,000 and $774,000 and, following ABC Company.com’s payment process, sends them to the fake CFO email address for approval, after which they are processed for clearance. With only seven days of effort, the threat actor can get 1.2 million dollars sanctioned by the company.
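The scenario above hinges on two details a defender can check mechanically: the approval for each invoice arrives from a domain that merely resembles the company’s own, and the payment process treats that approval as genuine. The following is an added example of such a check, not code from the webinar, from Verizon, or from EC-Council. It assumes a hypothetical registered domain of abccompany.com for ABC Company.com, a constructed batch of invoices mirroring the $395,000 and $774,000 figures in the story, and a small, illustrative table of character substitutions; the thresholds and sample data are assumptions for demonstration.

```python
import re
from dataclasses import dataclass

# Assumption: the company's real, registered e-mail domain (hypothetical value).
LEGIT_DOMAIN = "abccompany.com"

# Assumption: a small, illustrative table of character sequences that render
# almost identically to the characters on the right; not an exhaustive list.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "ı": "i", "а": "a", "о": "o", "е": "e"}


def normalize(domain: str) -> str:
    """Lowercase, drop a trailing dot, and fold confusable sequences to their look-alike."""
    d = domain.strip().lower().rstrip(".")
    for bad, good in CONFUSABLES.items():
        d = d.replace(bad, good)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a one- or two-character difference usually means a typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Return the domain part of an e-mail address, rejecting malformed input."""
    m = re.fullmatch(r"[^@\s]+@([^@\s]+)", address.strip())
    if not m:
        raise ValueError(f"malformed address: {address!r}")
    return m.group(1)


@dataclass
class Verdict:
    address: str
    verdict: str  # "internal", "lookalike" or "external"
    reason: str


def classify_sender(address: str, legit_domain: str = LEGIT_DOMAIN, max_distance: int = 2) -> Verdict:
    """Decide whether a sender is on the company's own domain, a look-alike, or unrelated."""
    raw = sender_domain(address).lower().rstrip(".")
    legit = legit_domain.lower()
    # Exact domain or a genuine subdomain: under the company's own DNS control.
    if raw == legit or raw.endswith("." + legit):
        return Verdict(address, "internal", "registered company domain")
    norm, legit_norm = normalize(raw), normalize(legit)
    if norm == legit_norm:
        return Verdict(address, "lookalike", "confusable characters fold to the company domain")
    # Company domain buried inside a different registrable domain, e.g. abccompany.com.example.net
    if legit_norm in norm:
        return Verdict(address, "lookalike", "company domain embedded in another domain")
    dist = edit_distance(norm, legit_norm)
    if dist <= max_distance:
        return Verdict(address, "lookalike", f"edit distance {dist} from the company domain")
    return Verdict(address, "external", "unrelated domain")


def review_approvals(invoices, legit_domain: str = LEGIT_DOMAIN):
    """Flag invoices whose approval did not come from the company's own domain.

    Returns a list of (invoice_id, amount, verdict, reason) tuples for the finance
    team to hold before payment; approvals from internal senders pass silently.
    """
    flagged = []
    for inv in invoices:
        v = classify_sender(inv["approved_by"], legit_domain)
        if v.verdict != "internal":
            flagged.append((inv["invoice_id"], inv["amount"], v.verdict, v.reason))
    return flagged


# Constructed sample batch: two approvals from look-alike "CFO" addresses (matching the
# $395,000 and $774,000 invoices in the story) and one genuine approval.
SAMPLE_INVOICES = [
    {"invoice_id": "INV-1001", "amount": 395_000, "approved_by": "cfo@abccornpany.com"},
    {"invoice_id": "INV-1002", "amount": 774_000, "approved_by": "cfo@abccompany.co"},
    {"invoice_id": "INV-1003", "amount": 12_500, "approved_by": "cfo@abccompany.com"},
]

if __name__ == "__main__":
    for item in review_approvals(SAMPLE_INVOICES):
        print("HOLD", *item)
```

The two forged approvals are held, and the genuine one passes. In practice this check belongs in the payment workflow rather than the mailbox: even if the phishing page and the compromised account are never noticed, an approval that cannot be traced to the registered domain should stop the wire transfer.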
Christopher Novak’s example shows how an insider’s negligence helps attackers accomplish their criminal objectives. Everyone should be aware of cybersecurity standards, and security practices should be implemented at all levels of an organization. To learn the fundamentals and stay vigilant against the attempts that threat actors initiate continuously, everyone should be trained in cybersecurity. EC-Council’s first course, Certified Secure Computer User (C|SCU), provides the knowledge and skills needed to protect information assets. The certification supports students’ progress in any corporate setting.
There are two parts to the entire webinar. For more, take a look at the next part.