Cybercriminals do not have a singular modus operandi when it comes to stealing data
About 52% of all organizations have teams working on threat hunting, while 30% are planning to join the bandwagon soon
NEW DELHI :
Data theft has emerged as one of the biggest concerns as cybercriminals are increasingly going after more critical data for greater leverage over companies. In September 2018, personal information including credit card details of 380,000 passengers of British Airways was reportedly stolen. A cyber attack on Singapore’s largest healthcare institution, SingHealth, in July 2018, compromised non-medical details of 1.5 million patients, including the country’s Prime Minister.
According to McAfee’s data exfiltration report, called Grand Theft Data II – The Drivers and Shifting State of Data Breaches, published today, 43% of the participants were greatly concerned about theft of personally identifiable information and intellectual property. On the other hand, 30% found theft of payment card details more distressing, even though the report claims that payment card is not a big target because of new payment technologies and improved fraud detection systems. The concern over the personally identifiable information is higher in Europe due to the roll out of General Data Protection Regulation (GDPR) in May 2018, which mandates heavy penalty on companies for failure to communicate data breaches to users. Theft of intellectual property is a bigger concern in the Asia-Pacific region.
The frequency of data breaches appears to be increasing too, as 61% reported a breach at their current company while 48% reported the same at their previous companies. Also, in the last three years, organizations facing serious data breaches that required full public disclosure have gone up from 68% to 73%, claims the report.
Cybercriminals do not have a singular modus operandi when it comes to stealing data. In addition to database leak and interception of network traffic, they are also targeting corporate email, personal email, cloud applications and in some cases removable USB drives, stolen computers and printers.
Over half of the participants blamed IT teams for not being able to prevent data breaches, while 81% are of the opinion that cybersecurity solutions continue to operate in isolation, with separate policies or management consoles for cloud access security broker and data loss prevention. This is causing delays in detection and reaction. IT professionals feel part of the blame lies with C-level executives, with 55% saying they feel that C-level execs should lose their job if data breach is serious as many of them often insist on having more lenient security policies for themselves.
Many participants feel the attacks can be significantly reduced with education on corporate policies and appropriate online behaviour. Real time threat detection is also believed to be more effective when it comes to finding threats quickly. About 52% of all organizations have teams working on threat hunting, while 30% are planning to join the bandwagon soon.
Experts at McAfee feel companies need to have a cybersecurity strategy in place to deal with such attacks in a more organised manner. “Organizations need to augment security measures by implementing a culture of security and emphasizing that all employees are part of an organization’s security posture and not just the IT team. To stay ahead of threats, it is critical companies provide a holistic approach to improving the security process by not only utilizing an integrated security solution but also practicing good security hygiene," said Candace Worley, vice president and chief technical strategist, McAfee, in an official press statement.
The McAfee report was based on a survey involving up to 5,000 workers in commercial organizations, over 5,000 workers in enterprise organizations and 700 IT and security professionals. The participants were based in US, UK, India, Australia, Canada, France, Germany and Singapore.