Data breaches are hitting every level of companies today, and retailers must be prepared to respond to an attack.
Those are among the conclusions of the just-released second edition of the Verizon Data Breach Digest, which reveals the impact of data breaches on compromised companies while also offering various scenarios to help retailers reduce risk and properly respond.
Authors of the report noted that data breaches “are becoming more complex and are no longer confined to just the IT department but are now affecting every department within an organization. Each breach leaves a lingering, if not lasting imprint on an enterprise.”
John Grim, senior manager of investigative response at Verizon and one of the authors of the 100-page report, told WWD that his team of investigators analyzed global data attacks to come up with 16 breach scenarios that include industry type, stakeholder involvement and incident patterns. More than 500 incidents that occurred in 40 countries were reviewed. “It’s based on our experiences with prior breaches, and we wanted to take what we learned from our investigations to inform the digest,” he noted.
In the retail sector, about 90 percent of “security incidents” involve denial of service, point of sale or app attacks. Sixty-four percent of incidents at retail are point-of-sale types. “Attackers were often able to compromise systems in hours or less,” noted researchers in a prior Verizon report. “But in 79 percent of cases, it took retail organizations weeks or more to discover a breach had occurred.”
Grim also noted how prevalent the human element is in attacks. “Humans continue to play a significant role in data breaches and cyber security incidents, fulfilling the roles of threat actors, targeted victims and incident response stakeholders,” the report said, and Grim added that attacks at retail can involve the entire C-suite as well as the human resources department.
Bryan Sartin, executive director of Verizon’s Research, Investigations, Solutions and Knowledge Team, described data breaches as “growing in complexity and sophistication.”
“In working with victim organizations, we find that breaches touch every part of an organization up to and including its board of directors,” Sartin said. “Companies need to be prepared to handle data breaches before they actually happen in order to recover as quickly as possible. Otherwise, breaches can lead to enterprise-wide damage that can have devastating and long-lasting consequences such as a loss of customer confidence or a drop in stock price.”
Sartin said the digest can help “businesses and government organizations understand how to identify signs of a data breach, important sources of evidence and ways to quickly investigate, contain and recover from a breach.”
“For each scenario, you go through a detailed analysis of how the attack occurred, level of sophistication, threat actors involved, tactics and techniques used and recommended countermeasures,” the authors of the report noted. Some examples of the various scenarios and related attacks include the “Absolute Zero” attack spurred by a disgruntled employee and the “Indignant Mole” attack, which was a business partner misuse case.
Those two types of attacks were classified as “human element” ones. Other classifications include conduit devices, exploitation of software and malicious software. With the latter, attacks cited included the “Fetid Cheez” breach and the “Polar Vortex” attack.
Regarding response tactics after an attack, Verizon’s RISK team suggested that companies “preserve evidence, [and] consider consequences of every action taken; be flexible, [and] adapt to evolving situations; establish consistent methods for communication; know your limitations, [and] collaborate with other key stakeholders; document actions and findings, [and] be prepared to explain them.”