We continue with our “007 Life Lessons through the Verizon Breach Report” series, which combines lessons from the gadget-wielding international crime-fighter James Bond with data from the DBIR to help secure our enterprises. Today it is the turn of lesson 4: Importance of country.
These lessons come from a recent presentation by our CEO Anders Norremo and Jason Torres from Rush University Medical Center at the 7th Annual Hacking Conference by ISACA and The Institute of Internal Auditors.
The importance of country
According to the following numbers from the FBI Internet Crime Complaint Center (IC3), the enemy is usually closer than we think or expect:
With a significant number of attacks coming from the victim’s same country, state or city, it’s worth taking a look inside. Do we have a constant view of who is attacking our firewalls, sending malicious emails, or poking our web apps?
As we saw in a previous life lesson about identity, many of the breaches we commonly see involve some sort of identity hijacking or impersonation. The proliferation of SaaS, combined with the uptick in remote work during the pandemic, exacerbated the credential problem, as there are too many users getting into too many systems.
Do we know ourselves and our security teams? How can we ensure that identity is being checked both inside the business and in our third parties?
Fortunately, we live in a country that wants to help. Apart from working on improving our cybersecurity game, we can always turn to the agencies in the US to help with our security posture. We need to work together – hence the “importance of country” that inspired this life lesson.
The FBI or the Secret Service Electronic Crimes Task Force are some examples of authorities that could certainly help discuss scenarios and offer their insights regarding cyber crime issues. It’s worth making strategic partnerships to protect our enterprises.
How does this relate to the Verizon Data Breach Investigation Report and James Bond?
Verizon’s breach report draws parallels to the Bond movies when it comes to financial motivations. For example, SPECTRE is a commercial enterprise seeking financial gain, and antagonist Elliot Carver was driven by owning the biggest news network on the planet.
They are financially motivated, and so are cybercriminals nowadays, according to the report. In fact, we see that the actor motive in the great majority of data breaches is financial, way above espionage.
Another interesting takeaway is that when we look at the actors, we find employees are not the weakest link, although we usually hear the opposite.
James Bond had double agents that would backstab him from time to time, but most often the enemy was well known and defined. The same thing happens in the real world.
We can’t ignore the fact that 30% of data breaches are linked to internal actors. But while some are criminal in nature, the report says many are simple mistakes. The rise in internal actors in the dataset these past few years is probably an artifact of increased reporting of internal errors rather than evidence of actual malice from internal actors.
Back to the core of this blog, our advice is to work together with industry peers and the federal government to help strengthen your security posture.
Are you turning to your country for help?