Attacks on companies are discovered far too late

It-companies experience many attacks, which an American report, based on 621 cases, explains about. In the report it explains that the majority of the attacks are external.

The report in question is the version from 2013 by the company Verizon’s Data Breach Incident Report, which can be found in a link at the end of the news. It expresses following:

- 92 % of the attack are external

- 14 % of the attack are internal

- In 1 % of the attacks a partner was involved

These numbers accounts for more than a 100%, as a case can contain both internal and external attacks.
Before it was known that the majority of threats was internal, and thus, the majority of resources has been spend on protecting the company from those. The company should of course keep doing that, but also remember to protect it against external threats.

Who are the external threats?
The report describes how the attacks primarily come from organized criminal groups, followed by the governmental driven attack groups.
The organized criminals do it for the money – big or small company – as long as there is money to be found, the company is in a potential threat.

Opposite, the governmental driven attack groups do not do it for money, but for espionage. The espionage threats are more obvious for organizations who are dependent of confidential information such as product design, recipes or governmental secrets.

What should the company do?
Companies can with great advantage, no matter type of company, start by increasing the level of security, in simpler ways, such as: updating all software, make sure to remove all holes in the web programs, go through configurations, clean up in applications and data. The company has to make sure do delete data, no longer needed to storage, and protect the rest.

Attacks goes unnoticed for several months. The report shows that 66% of the cases took several months to discover, and by then much data will be lost. Not all attacks can be stopped. There will always be someone who tries hard enough, and get through the defense. It is recommended that the company starts by assuming there is an attack, and they start right away by going through what has happened, shat has been taken, how did they achieve access?

The report
Below the report can be downloaded by pressing the link, and can contribute with valuable knowledge for a company.
It is among other reasons interesting as it has data from actual cases, that Verizon has help investigate, and has added data from cooperation partners.

PDF: 2013 Data Breach Investigations Report, Verizon Business (PDF-form

Source: Computerworld

Related product:

CapNordic Workflow 8.0

CapNordic Workflow Modules

CapNordic Workflow App

CapNordic Travel

CapNordic Documents