With respect to breaches caused by recently terminated employees, the following two scenarios were observed:
Third Party Threats
The predominant method of attack that the Verizon team observed used default passwords or shared credentials. This timely reminder that identity and access management are key to protecting the enterprise warrants an immediate review of access controls. Once the attacker gained access, in most cases they installed malware that captured more credentials via keystroke logging and opened a back door that allowed the attacker to return to the compromised machine and transfer stolen information.
Verizon's report on 2008 data breaches and their causes marks a turning point in the world threatscape. It effectively documents the predominance of targeted attacks against data stores that will lead to financial gain on the part of the attackers. The first-hand knowledge gained by Verizon researchers now paints a picture of well-funded, organized attempts to pick targets, usually financial services or retail operations, and execute attacks over a period of months that are ultimately successful.
Most security standards were designed specifically to counter targeted attacks, yet organizations have invested the most in fighting worms, viruses, spyware, and spam. Last year it became evident that there is a large community of attackers who will seek out and compromise the defenses of any organization that has not shifted gears to accommodate the besieged environment now evident.
Every IT security professional and every IT leader should read Verizon's report and begin to rethink their defensive strategies. Failure to do so may mean becoming a victim of a targeted attack and thereby becoming a subject of next year's report.
Richard Stiennon is a security industry analyst. He writes the security blog for ThreatChaos.com and has re-launched IT-Harvest, an independent analyst firm that researches the 1,200 IT security vendors. Most recently Richard was chief marketing officer for Fortinet, the leading UTM vendor. Prior to Fortinet he was VP of Threat Research at Webroot Software.