Using Cyber Risk Intelligence to Identify the Controls You Should Focus On

With so many cyber threats out there, knowing where to focus your efforts and what controls to implement is no easy task. However, with cyber risk intelligence, you can gain an immediate understanding of the trending cyber threats to your business domain, what the bad guys are after and how they are getting in. And then you can shift your defenses and implement the appropriate controls.

In a new mid-year cybercrime report by SurfWatch Labs, our data analysts looked at all of the CyberFacts, or evaluated cyber intelligence, collected from 1 January to 30 June 2015. A CyberFact consists of an actor—who conducted the attack; target—what information/systems were targeted; effect—what was the impact of the attack; and practice—what method was used, along with other key metadata and information such as the target industry sector.

A common theme we found was that cybercriminals are targeting personally identifiable information (PII). The top breach targets of the first half of 2015 (Anthem, OPM, etc.) show an important shift when compared to the second half of 2014 when point of sale (POS) breaches at Home Depot, Staples, Dairy Queen and others took up seven of the top 10 slots. In those instances, cybercriminals were going after credit card information, which is very different from the personal information of patients, employees, partners and other individuals associated with the breached organization.

The reason for the cybercrime shift to focus on PII is that this kind of information allows cybercriminals to gain a greater fraud footprint—much more beyond simply selling credit card numbers on the Dark Web. If your organization has personal data, it is time to pay close attention and implement the proper controls.

We found that 77 percent of all cyberattacks in the first half of 2015 started at user interaction points with web sites, applications, accounts and/or endpoints. While the mid-year report outlines differing avenues of approach for different industries, cybercriminals are first targeting users for entry.

Knowing the user environment is the most targeted, you will want to implement the proper controls to ensure you can answer these questions:

• Are your users effectively trained?
• Are you proactively monitoring the user environment?

It is certainly not an easy feat, but it’s critically important to the overall security posture of your organization.

Another key point to highlight is that since last year when POS equipment was the leading avenue of approach, retail vendors have been upgrading their equipment for chip and PIN, adding tokenization and more, which is creating a harder target for actors to penetrate. As such, cybercriminals have shifted to other “softer” targets.

You cannot just implement controls to address an exploitable surface and then think you are covered, as it is a constantly moving target. As targets begin to harden their environment, the cybercriminals will shift to softer targets to continue their business—and right now they have chosen your users or, in some cases, the users of your partners.

Adam Meyer
Chief Security Strategist at SurfWatch Labs

[ISACA Now Blog]