Jan 22, 2014 10:47 AM EST
A data breach is commonly referenced as the release of data from a system without the knowledge or consent of its owner. Trend Micro describes this data as proprietary in nature. Any type of acquisition by external parties may cause harm to the organization. The data comprises personally identifiable information (PII), customer data and more.
Trend Micro
Data breaches can be instigated by malicious attackers or can accidentally occur states Trend Micro. Before an attack can take place, the attacker must first identify a target. Once the cybercriminal has selected a target with the motive of either causing annoyance, harm, or damage or of extracting profit from the breach, he proceeds as follows:
Research: The cybercriminal looks for a weakness in the target's people, systems, or networks.
Attack: The cybercriminal makes initial contact with the target through either a network.
Network attack: The attacker uses infrastructure, system, and application weaknesses.
Social attack: On the other hand, uses tactics that have an element of social engineering.
Exfiltration: The cybercriminal extracts and transmits data back to him. This data can be proprietary.
*Trend Micro
According to reports published by Dataloss.db, three of the 20 largest data breaches of all time occurred in 2011. Considering that we’re only a little over halfway through the year, it’s easy to say that this data breach issue is escalating. In line with this, Trend Micro researchers stated their observations on what the escalation suggests and what organizations as well as individuals can do to mitigate and prevent such breaches:
A broader attack surface increases the number of opportunities for cybercriminals to launch attacks. The adoption of new and varied software platforms, devices and technologies and network segments, the interaction of all these with each other in the conduct of business inevitably broadens the attack surface available for cybercriminals. Remember that cybercriminals only need to find a single weakness that they can exploit, and having many points of vulnerability to choose from makes it easier for them to conduct a successful attack.
The company explains that furthermore, consumerization—the trend wherein new IT devices and tools first emerge in the consumer space then make their way into the enterprise space—is forcing enterprises to embrace, adapt, or follow suit, thus contributing to the inherent difficulty of keeping total control over data access.
“The mobile workforce culture also presents additional challenges to enterprises that want to protect their data.”
The human element is key. All it takes is a single employee, innocently but unknowingly acting against the company’s best interests to defeat its security perimeter. According to Trend Micro, we must keep in mind that social engineering—the manipulation of human weaknesses such as trust or curiosity—is an ever-present bane to any sufficiently secure infrastructure. Protection via perimeter defense no longer works; data access control and data access intelligence is key.
A paradigm shift in security mindset is necessary. Merely understanding and defending the many layers of your network from outsiders, granted this is already being properly done, is not enough. Any network-connected data should be able to defend itself from attacks. This holistic approach, in addition to strong employee education, should strengthen your company's overall security.
*Trend Micro