BreachExchange mailing list archives

Security Breaches Still a Major Issue for Businesses


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 15 Apr 2014 18:56:43 -0600

http://www.eweek.com/small-business/security-breaches-still-a-major-issue-for-businesses.html

Cyber-security specialist FireEye announced the release of the fifth annual
Mandiant M-Trends report, compiled from advanced threat investigations
conducted in 2013 by Mandiant, which FireEye acquired late last year.

One of the significant findings in the report was that the median number of
days attackers were present on a victim's network before being discovered
dropped to 229 days in 2013 from 243 in 2012.

While the study noted this improvement is incremental relative to the drop
from 416 days in 2011, organizations can be unknowingly breached for years.
The longest time an attacker was present before being detected in 2013 was
six years and three months.

"It is hard to overstate how quickly cybersecurity has gone from a niche IT
issue to a consumer issue and boardroom priority," Kevin Mandia, senior
vice president and chief operating officer of FireEye, said in a statement.
"Over the past year, Mandiant has seen companies make modest improvements
in their ability to attack the security gap. On the positive side,
organizations are discovering compromises more quickly, but they still have
difficulty detecting said breaches on their own. It is our focus to bridge
that gap and continue the positive trends our customers are seeing."

The report also indicated phishing emails largely look to capitalize on
trust in IT departments, as 44 percent of the observed phishing emails
sought to impersonate the IT departments of the targeted organizations. The
vast majority of these emails were sent on Tuesday, Wednesday and Thursday.

In 2012, 37 percent of organizations detected breaches on their own; this
number dropped to just 33 percent in 2013, suggesting that organizations in
general have yet to improve their ability to detect breaches.

Compiled from advanced threat investigations conducted by Mandiant in 2013,
the report details the tactics used by threat actors to compromise
organizations and steal data, and also highlights emerging global threat
actors, their suspected motives, as well as the types of targets and
information they are after.

Multiple investigations at energy sector companies and state government
agencies of suspected Iran-based network reconnaissance activity indicate
that threat actors are actively engaging in surveillance activities.

"While these suspected Iran-based actors appear less capable than other
nation-state actors, nothing stands in the way of them testing and
improving their capabilities," the report noted.

In addition, over the past year, Mandiant responded to an increased number
of incidents where political conflicts between nations spawned
cyber-attacks that impacted the private sector.

Specifically, Mandiant responded to incidents where the Syrian Electronic
Army (SEA) compromised external-facing Websites and social media accounts
of private organizations with the primary motive of raising awareness for
their political cause.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
