CIO & LEADER-Issue-01-April 2018 (1)

Insight
Origin of breaches
TThe conversation around enterprise
security and threat management has
always been horizontal. While there
is a broader recognition today that the
business impact of an incident could
vary significantly across industries,
there has been little effort to understand
how the fundamental metrics of
threat vary across businesses.
That means a largely uniform, horizontal
approach towards security.
The recently released Verizon
Data Breach Investigations Report
(DBIR) 2018 — the 11th edition of the
study — reveals why that could be
awfully inadequate.
Whether it is in terms of the origin
(external vs internal) of breach/
incidents, the type of data breached
or the nature of the attacks, the nine
industries covered by DBIR 2018 show
significant difference. Some of those
metrics are key to the understanding
of the nature of threats and hence
important from the point of view of a
solutions approach.
For example, as much as 99% of the
breaches occur in the accommodation
(hospitality) industry involve external
factors, while in healthcare, as much as
56% are internal. In fact, in hospitality,
Point of Sales (PoS) accounts for 90%
of all breaches.
“Often restaurants are smaller organizations
without the luxury of trained
security staff, but they are forced to
rely almost exclusively on payment
cards for their existence,” explains the
report. These attacks are overwhelmingly
motivated by financial gain and
perpetrated by organized crime.
100%
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%
Accommodation
100%
90%
80%
70%
60%
50%
40%
30%
20%
10%
0%
Accommodation
Education
Education
Financial
Financial
Healthcare
The differences are not just in the origin.
The motives too are significantly
different across industries. Though
increasingly, financial motives are
becoming predominant, in some
areas—like manufacturing and public
administration—espionage are almost
equally strong motives. In healthcare,
curiosity is a major factor.
The kind of data that is targeted also
vary across industries. In Accommodation,
93% of compromised data is payment
data; in education, 72% of data
is personal. Credentials account for a
huge 41% in the Information sector.
A good counter-threat strategy
requires that the breaches are
Information
Manufacturing
External Internal Others
Prof Services
Motive behind breaches
Healthcare
Information
Manufacturing
Prof Services
Public Administration
Public Administration
Financial Espionage Convenience Fun ideology others
Retail
Retail
understood clearly. Each industry
has a different mix of motives, origins
and the kind of data that is targeted.
Since the security budget and
resources are limited, they need to be
channelized properly to optimize the
effectiveness of the security strategy.
Depending on the nature of
threat, the companies will not just
be able to identify the investment
priorities, it may also help an entire
industry segment to come together
to minimize certain threats. In
areas like healthcare and public
administration, a collaborative
approach may be more effective than
siloed approach
April 2018 | CIO&LEADER
33