The cyber landscape

2013 was full of headline grabbing cyber stories. The focus recently has been on the high profile data breaches in the retail sector, but other events such as the Distributed Denial of Service (DDoS) attacks on financial institutions, the Adobe data breach and a handful of others were just as significant, if not more so.

These highly publicized cyber events seem to be occurring with increased frequency and will likely become more commonplace in the future, but they represent only a fraction of the total events impacting businesses today. They do, however, provide examples (albeit on a much larger scale) of the types of threats that a majority of businesses find themselves increasingly exposed to.

The challenge for many is that the cyber-threat landscape is continuously evolving. There’s a constant cat-and-mouse game played between cyber security professionals and the bad guys seeking to uncover new vulnerabilities.

This game requires significant information security expenditures by businesses in order to stay a step ahead. For this reason an understanding of the cyber landscape can help to better direct their focus.

In this week’s Data Spotlight, Advisen gives a brief overview of the cyber landscape…

Cyber event count and type trends

With all the hype surrounding some of the larger cyber events in 2013, it is easy to see how one might think that it was a banner year in terms of the total number of events. According to Advisen data, however, 2013 saw just a slight increase in the number of total events over 2012 and remained below the levels experienced in 2009, 2010 & 2011. In fact, the annual count of new events has remained fairly consistent since 2009 hovering between 1200 and 1400 per year.

Please note, when Advisen refers to an event it is referring to the incident itself. Advisen tracks not only the number of events but also the type of loss, and source of loss (e.g. thumb driver, server, etc.).

Defining the events

Advisen defines the following events:

Digital Data Breach, Loss or Theft as a Digital breach, distribution, loss, disposal, or theft of personal confidential information, either intentionally or by mistake, in such a way to enable the information to be used or misused by another.

System/Network Security Violation or Disruption unauthorized use of or access to a computer or network, or interference with the operation of same, including virus, worm, malware, digital denial of service (DDOS), etc.

According to Advisen Loss Insight data, some of the notable, but less publicized, 2013 system/network security violation or disruption events include:

• Time Magazine’s Twitter account being hacked by the Syrian Electronic Army
• Bitcoin Internet Payment Services being hit by a massive distributed denial-of-service (DDOS) attack in preparation for a data breach that would take place two days later.
• Nasdaq OMX Group halted trading due to a software bug and other internal technology issues.
• The New York Times website was inaccessible for more than 12 hours after the company’s domain name registrar was attacked.
• JP Morgan Chase, Citigroup and Other US Banks were hit by DDoS attacks reportedly by the Cyber Fighters of Izz ad-Din al-Qassam.

Events by industry

No industry is immune to the threat of a cyber-event, but some, based on the nature of their business, are more prone than others.

Perhaps not surprisingly, the services sector (e.g. healthcare, education, hospitality etc.) is the most likely to experience a cyber-event according to Advisen data. These companies typically collect and store vast amounts of valuable personal identifiable information (PII) which makes them more likely to be targeted by outside cyber-criminals and more prone to insider threats, both accidental and with malicious intent. The cyber case count distribution by industry is illustrated in the chart below.

Just the big boys? Events by revenue size

Cyber-risks often are mistakenly thought to be only a large company problem. While the large companies are the big fish and can provide the biggest paydays, they also generally have the strongest defenses.

As a result, smaller organizations are targeted with increased frequency as some criminals are changing their strategy to quantity over quality. Cyber-criminals also are targeting the smaller companies to act as a conduit to their larger brethren as they frequently do business with them and can open doors that would otherwise be unavailable. The chart below illustrates the number of cases by revenue band.