Humans continue to play a significant role in data breaches and cyber security incidents, fulfilling the roles of threat actors, targeted victims and incident response stakeholders, according to new research.
Data breaches are also becoming more complex and are no longer confined to the IT group. They now touch every part of an organisation up to and including its board of directors, Verizon’s 2017 Data Breach Digest found.
The digest details 16 common breach scenarios, but many permutations occur within each, leading to an expansive range of damage that is observed in the aftermath of a data breach.
The breach scenarios were divvied up into four clustered groupings, which included:
- The human element. Four scenarios highlighting human-related threat actors or targeted victims;
- Conduit devices. Four scenarios covering device misuse or tampering;
- Configuration exploitation. Four scenarios focusing on reconfigured or misconfigured settings; and
- Malicious software. Four scenarios centering on sophisticated or special-purpose illicit software.
According to data from Verizon’s Vocabulary for Event Recording and Incident Sharing (VERIS) dataset, the ‘social threat’ action was used in just under one-third of confirmed data breaches. It ranked behind threat action categories of hacking and malware in prevalence.
For threat actors, the tactics and techniques used to manipulate or take advantage of victims include phishing (92 per cent), pretexting (42 per cent), and bribery/solicitation (3 per cent).
“As one would expect, email is the primary means of communication to the target (95 per cent), followed by in-person deception (2 per cent), and phone calls (2 per cent) with a small amount of overlap across three means of communication,” the report said.
Social actions are typically part of a blended attack, with a successful installation of malware usually serving as a means to an initial foothold or to a piece of information that furthers the attack.
Threat action varieties most attributable to human victims include social (where human assets are compromised), misuse (where humans under your employ are the threat actor), and error (where humans are ‘goofing’ around).
“When we look at our VERIS data over the previous three years, we see that almost half (49 per cent) of all breaches involve one or more of these human elements,” the report said.
The report points to five actions an organisation should take following a breach. They are:
- Preserve evidence, consider the consequences of every action taken;
- Be flexible, adapt to evolving situations;
- Establish consistent methods for communication;
- Know your limitations, collaborate with other key stakeholders; and
- Document actions and findings and be prepared to explain them.