Yahoo, eBay, Target, Anthem. All survivors of recent security or data breaches.
In 2013, more than 110 million Target shoppers had their payment and personal information compromised. A year later, another 145 million eBay users had their names, addresses, birthdates and encrypted passwords exposed. And finally, the Yahoo breach, which affected all 3 billion (yes, with a b) user accounts—the largest known attack on a corporate network to date.
Cyberattacks can take many forms, but whether malware is the main method or a hacker gains command and control by initiating a phishing campaign, the adversary is always the same: a human. While it is reasonable to assume that security breaches occur arbitrarily throughout the year, we’ve noticed a trend over the past five years: a higher incidence of attacks from February to April, known in the industry as breach season.
Why the concentration in these months? As winter winds down, attackers wrap up their plotting and planning, springing into action in the new year. These attackers, who are often criminal enterprises that are well-organized and well-funded, tend to start reconnaissance efforts in the fourth-quarter time frame. When they find weaknesses in the networks of their targets, they launch their attacks.
A breach can happen to any organization, regardless of its prior level of preparation. Health care organizations seem to be highly targeted. This is partly due to the fact that the records they possess contain a considerable amount of private data that can be sold or used to create false identities. It might also result from an over-reliance on regulatory compliance, which by itself does not equal security.
These organizations have a higher likelihood of paying in a ransomware attack in order to minimize the negative impact and expedite their ability to return to normal operations. Although compromised health care records are alarming, there are even more frightening possible scenarios, including attacks on the nation’s critical infrastructure (e.g., electrical grid, water-control systems).
Individuals are not immune to attacks, either. By targeting an individual, an attacker might acquire credentials to gain a foothold within a network. Some common attack-execution strategies are:
◗ Email phishing attacks, which might include malware attachments or direct links to a malicious site posing as a real site.
◗ Phone scams in which an attacker poses as someone he or she is not in order to trick an individual into providing information about others or even himself/herself.
◗ Fake advertisements on websites informing an individual that he/she needs to update certain software, which leads to the individual’s downloading malware.
With the elevated risk of a breach this time of year, it is vital for both individuals and organizations to protect themselves from threats. Organizations can do this with a strong security program, proactive monitoring services, and best practices such as vulnerability management and multi-factor authentication.
Individuals must also be aware of potential security pitfalls. Never blindly give away information or passwords. When it comes to password management, organizations and individuals should make passwords complex and change them often.
Pelletier is a founding partner of cybersecurity firm Pondurance.