By Michael Marriott, Digital Shadows security expert
High profile data breaches are regularly in the news and, seemingly, businesses and are losing the battle to protect their intellectual property (IP), corporate, and customer data from the threats posed by professional cybercriminals.
It is no surprise that financial gain is the single biggest motivator for cyberattacks. The 2016 Verizon Data Breach Investigations Report highlighted that financial gain and espionage accounted for more than 89% of all data breaches they studies. Financial gain was by far the biggest single reason for attacks, beating espionage and all other objectives into a distant second place.
This is big business for cybercriminals.
To deal with the threats posed by these breaches, organisations, have to get on the front foot when protecting their intellectual property. Firstly, by identifying the location and protections around critical IP, secondly keeping a watchful eye on the types of attackers and the methods they might use to obtain it.
But despite the excitement, which is often rightly directed at new viruses or malware or attack techniques, it is exploit kits that remain one of cybercriminals’ most reliable and trusted delivery mechanisms to embed malware and conduct malicious activity. And, even as an exploit kit gets shut down, others pick up the slack and continue to deliver their payloads.
Our report, “In the Business of Exploitation”, found that the vulnerabilities exploited by the top 22 exploit kits showed that Adobe Flash Player was likely to be the most targeted software, with 27 of the 76 identified vulnerabilities exploited taking advantage of this software.
Understanding the most commonly exploited software, and the most frequently targeted vulnerabilities, can aid in mitigating the threat posed by exploit kits and prioritising their patching.
To protect their IP it is critical that a company evaluates their security using the perspective of an attacker, which helps prioritise the work to address potential vulnerabilities. This could involve looking at where their organisation is exposed on social media sites, points of compromise, and looking for evidence of previous attacks across the visible, dark, and deep web. The military use the term situational awareness, and we believe that it is useful for companies to use this approach when considering their cybersecurity controls.
Companies can therefore remain quick to respond to incidents and limit the consequences of any potential breach. That way they can remove information from public view by issuing takedown requests as soon as an organisation finds its information being shared advertised or sold on the web. Similarly, by knowing what information is compromised, passwords can be changed, customers notified and points of weakness fixed.
By being proactive, organisations can tailor their defenses and make better, more informed business decisions. In a world of complexity and uncertainty, this kind of illuminating context is key to preventing vital IP falling in to the wrong hands.