Photo - Goh Chee Hoh, Managing Director for Trend Micro Malaysia, Singapore and Indonesia.
Cybercriminals are adopting a more strategic approach and driving up the number and severity of breaches worldwide, according to security solutions company Trend Micro Malaysia.
Goh Chee Hoh, managing director for Trend Micro Malaysia, Singapore and Indonesia, said the past 10 years have given us some of the United States' history's most high-profile data breaches.
"Cybercriminals are becoming more inventive in their attack methods of online extortion escalating beyond simple ransomware to hacktivists using data breaches to systematically destroy their targets, to ad-blocking software shaking up the advertising business and killing malvertising, often infiltrating and abusing existing technologies that are often overlooked," said Goh.
He said there was the AOL incident in 2005, where an insider leaked sensitive data. The Sony (2011) and Target (2014) incidents exposed millions of customer records. And this year alone, saw healthcare companies (Anthem), government agencies (OPM), and even online dating services (Ashley Madison) get hit with breaches of their own.
The magnitude of stolen information has been staggering, and the variety of which even more so, said Goh.
"Hackers are taking more strategic approaches, refining their approach and targeting more selective victims to improve their infection rates. It isn't just confined to the United States, Malaysia's threat landscape presents a growing statistic of businesses that has been affected by data breaches as well," he said.
Follow the data
Goh said that much of the attention surrounding these breaches has been focused on who's affected and how they can recover.
However, there was more to learn from studying what was stolen, he said. By following the data, investigators can better understand what attackers are looking for, how they use the data, how much it costs, and where it eventually ends up.
Numaan Huq of the Trend Micro Forward-Looking Threat Research team analysed a decade's worth of data breach information to gain insight into the odds at play when a company suffers a breach.
Huq's probability studies will allow companies to assess their current risk levels in order to come up with better strategies to defend their networks. They also help us prove if what we know about data breaches have merit or are just mere myths.
Myth #1: Hacking and malware are the leading causes of data breaches.
Although the news has been rife with stories of how certain malware or hacking groups were responsible for breaches, the truth is, most of them were actually caused by device loss. Overall, it accounts for 41 percent of all breaches compared to the 25 percent caused by hacking and malware.
Myth #2: Attackers go for personally identifiable information (PII) to reap the most data.
This is both true and false. Although PII is the most popular stolen record type, it doesn't guarantee an attacker more access to his target information. It really depends on the situation and the attacker's goal. If the aim is to get educational or health records, having a person's PII will give the attacker a higher chance of accessing those bits of information. If attackers really want to gain access to the proverbial keys to the kingdom, they would go for credentials, more specifically, the credentials of a network administrator.