October is cybersecurity month. On this occasion, consultants, specialists and other actors are pushing cybersecurity and its data to the forefront. In Europe, consulting firm Wavestone recently presented the conclusions of its study dedicated to incidents encountered by companies in this area. One observation stands out: pirates, whose primary motivation remains financial gain, have limited technical capabilities. Their attacks could therefore easily be countered, provided they are identified in time.
Money remains the primary goal. According to the firm, nearly half of hackers (43%) would respond to the lure of financial gain. These incidents, which mostly involve ransomware, can become more widespread when fraudulent actions follow them.
Data theft, an operation that aims to gain access to specific business data such as customer contact details or bank identifiers, is estimated to account for 34% of attacks. It should be noted that with the prominence of social networks, seizing a company’s public image can also be extremely damaging to an organisation. This represents about 4% of hacking cases.
167 days to detect an intrusion!
As a firm, the fact that your data may be compromised does not mean that you are the final target of an attack. About 4% of attacks on companies are aimed at finding out about their partners or strengthening the pirate’s strategies.
To thwart these threats, nothing beats day-to-day monitoring of the systems. The companies best equipped at this level (50% of all those surveyed) succeed in stopping criminal activity in less than two days, noted Wavestone. Those that do not pay much attention to these issues would detect the intrusion only after 167 days – almost six months(!) – on average.
Another “even more worrying” fact: the company’s cybersecurity detection service identifies only 26% of security incidents. In 44% of cases, employees gave the alert.
This is cause for alarm about the methods used by organisations. One of those who participated in the panel took up to six years to detect an attack!
Cyber attackers have limited skills
If there is one word to describe the overwhelming majority of pirates, it is “opportunist”. About 65% of them do not target a specific company or attack technique. They simply look for the vulnerabilities that will allow them to take control of a weak or poorly protected system. “These intrusions could be avoided if security measures were above average,” according to Wavestone. In one out of three cases, criminals exploit a vulnerable web application to achieve their objective. These tools “are all easily accessible gateways”.
For about 20% of the attacks studied, it was impossible to determine the means used by the pirates to carry out their offence.
The attackers have relatively diverse profiles: 21% would be affiliated with large cybercriminal organisations, 26% with smaller but methodical groups, and 26% would act alone. Computer science students, nicknamed “script kiddies”, would represent no less than 17% of cases, while internal employees of the affected companies could be responsible for 8% of the attacks.
In the latter case, employees are most often the unwitting cause of attacks. Human vulnerability remains one of the most easily exploited, whether through technology (even more so with the rise of “BYOD”, Bring Your Own Device) or social engineering.
Organisations need to adapt and structure their cybersecurity processes to take this into consideration, so that they can not only identify threats but also educate and empower employees to “de-risk” them.
Note: These data come from the consolidation of anonymized data from 40 incident responses conducted by CERT-Wavestone between September 2018 and August 2019 among 40 organisations belonging to the Top 200 French companies, from 10 different sectors of activity.