How different threats affect different industries
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
The types of data breaches suffered by an organisation depend which industry it operates in, finds a report by Verizon Business
Different industries suffer different kinds of security breaches, according to a report into patterns in e-crime by forensic experts at Verizon Business. The analysis is based on over 500 security incidents over the last three years where Verizon Business was called in to investigate.
Researchers found that the financial services industry faced a much greater risk of insider attack compared with other industries, with attacks more likely to be more sustained and sophisticated than elsewhere. However, the sector was also more likely to discover the existence of attacks of its own accord.
Meanwhile, breaches in the high-tech and services industry were more likely to involve human error or malicious use of insider privileges, often compounded by inconsistent patch management. “Presumably, tech-savvy, high-tech organisations [appear to have] a difficult time keeping track of information assets and system configurations,” the report says. Tech firms were also
the most likely to suffer loss of intellectual property, while attacks on web applications were the most common form of intrusion.
In contrast to the tech sector, attacks against retail establishments were more likely to be opportunistic and simple in nature, although the report found a trend towards increasing complexity. Many attacks exploited remote access connections, with wireless network breaches significantly higher than in any other industry and steadily growing in number. Web applications were also commonly targeted in retail.
Attacks on the food and beverage sector tended to originate from partial-insider sources, such as the misuse of a business partner’s trusted remote access connection to access stored credit card details, or the exploitation of point-of-sale systems to spread malware across a chain of establishments. The attacks also tended to be quickly executed and highly repeatable, taking advantage of poor security configuration rather than application or software vulnerabilities. Food and beverage companies also took the longest time to discover breaches, with discovery almost invariably made by a third party.
Employees regard security policies as obstacles to getting their work done and regularly circumvent them, according to a survey by RSA Security.
More than half the workers questioned said they felt they needed to work around their company’s security policies in order to get their job done properly and on time, despite 94% of those surveyed saying they were familiar with those policies.
A further 79% admitted to having taken sensitive corporate information out of the workplace on a laptop, smartphone or USB drive, while 10% confessed to actually losing one of these devices.
Meanwhile, 65% admitted to frequently using public wireless hotspots to access sensitive corporate information, while 37% said they had unwittingly stumbled into an area of the corporate network they should not have had access to.
The survey sample was made up of a group who should know better – respondents were attendees at various security conferences, with 46% of them from the financial sector – implying that the problem could be even greater in the general population.
Superhacker Gary McKinnon on corporate security’s weak spots
As he faces imminent extradition to the
Find more stories in the Security & Continuity Briefing Room
