Three years ago the hospitality industry was one of the most targeted by cyber criminals. Two years ago the food and beverage industry took the top slot, and this past year, according to the "2013 Trustwave Global Security Report," the retail industry assumed the unwelcome title. What do these industries have in common that has put them at the forefront of the cyber crime world? Can we identify trends that can help predict who the next target may be? If so, what can companies learn from identifying them?
It is important to understand that attacks are not motivated by industry. Cyber criminals don't care who you are or what you do. They don't care about policies or business models, and they certainly don't care about specific industries. What is their primary interest? Money.
Any organization that stores, processes, or transmits cardholder data either has already been breached, is in the process of being breached, or is about to be breached. Unless they take the necessary measures to defend themselves, they will become another statistic. Carding websites created by miscreants, where cardholder data is bought and sold by the millions, are surfacing in alarming numbers. Some criminal forums have thousands of members, all laser-focused on a single objective: stealing cardholder data.
After conducting more than 1,000 unique forensic investigations, Trustwave has identified several common factors that are present in every breach. They are rules that attackers must follow. In the "2013 Trustwave Global Security Report," we refer to this as the breach quadrilateral: infiltration (bad guy in), propagation (bad guy moves within target network), aggregation (bad guy takes stuff), and finally exfiltration (bad guy makes a getaway with the stolen stuff). If any one of these elements is not possible, the attacker's goal cannot be accomplished.
By having a better understanding of this process, organizations can develop an effective strategy to defend against potential attacks.
In the simplest terms, businesses need to wake up and realize they are facing many threats. To better protect itself, an organization should build a formidable defensive position, which includes preventing infiltration and exfiltration. By eliminating the pathway into and out of a target network, data theft becomes nearly impossible. This can be partially accomplished through simple administrative steps:
- Change your passwords and make them unique
- Control remote access
- Install a properly configured firewall (with ingress and egress filtering)
If you can implement these three steps in addition to developing a lifecycle security plan, you will exponentially reduce your chances of falling victim to a breach.
A lack of understanding is what drives businesses to become victims. Businesses must understand that they need to take cyber security just as seriously as physical security, if not more so. If a cyber criminal is able to access your payment systems, he can take any payment data that is stored, as well as establish a foothold to facilitate data harvesting for any future purchases.
Breaches are occurring now more than ever. The question businesses need to ask themselves is: "Are we choosing to be victims?"