2009 DBIR: Attack targeting
Dave HylenderApril 15th, 2009
In our report we found it helpful to further break down the standard classifications of attacks, opportunistic and targeted, into three categories:
Random opportunistic – victim randomly selected
Directed opportunistic – victim selected, but only because they were known to have a particular exploitable weakness
Fully targeted – victim was chosen and then attack planned
In 2008, fully targeted attacks rose to a 5 year high, and accounted for 90% of total records compromised in 2008 (by comparison, it was 14% in last years model). We have said in the past that if criminals (particularly organized crime with its vast resources) take aim at your organization and attack you with enough intensity over a long enough time span it is likely that they will breach your perimeter. The caseload for this report seems to go a long way toward proving this to be true.
At the same time, the majority of attacks were not fully targeted, but were of the more opportunistic variety. The old adage of the deer and the bear applies here. When being chased by a bear you don’t have to be the fastest deer, you just have to be faster than the one next to you. In other words, set up your defenses in such a way as to minimize your chances of being the target for these kinds of attacks. This can be attempted in a variety of ways. One important element is to retain as little data as possible in the first place. If you don’t absolutely have to have if for business reasons, or if your legal department doesn’t insist on it (good luck), then get rid of it. Also, know where your critical information resides at all times, and who has access to it. You may feel that you don’t have the time or resources to do this. Relax, if you don’t find it the criminals will do it for you for free.
Tags: Computer Crime, Cybercrime, Data Breach Report, Data Breaches, Data Compromise, forensics, Information Security
