Big cyber attacks like the Equifax incident in 2017 and the Marriot breach in 2018 have had devastating effects for those in the hackers’ crosshairs. But high-profile data breaches also hold important value for the good guys: clues to the attackers’ mindset.
A good understanding of your enemy’s intentions lets you better prepare your defenses, and nowhere is this truer than in cybersecurity. Technologies such as machine learning and real-time behavioral-based analysis are designed to offer an edge over looming cyber-threats.
Richard Watson, Cybersecurity Leader at Ernst & Young, agrees. In a report on the state of information security today, Watson notes that “more organizations are now beginning to recognize the broad nature of the threat.”
“One thing that has changed for the better over the past 12 months, partly because of some of those big cyber attacks we’ve seen at a global, level, is a growing realization that security is also about maintaining the continuity of business operations — and not only about the security of data and privacy.”
To that extent, EY provides a list of the 10 types of information most valued by cybercriminals. Customer information is the most valuable, according to 17% of the companies contacted in the latest EY Global Information Security Survey. Financial information and strategic plans were tied for second place, at 12%, followed by board member information (11%), customer passwords (11%), R&D (9%), M&A information (8%), intellectual property, non-patented IP (5%) and supplier information (5%).
EY lists phishing (22%) and malware (20%) as the biggest dangers to an organization today, followed by disruptive cyber attacks (13%), cyber attacks with the purpose of stealing money (12%), fraud (10%), cyber attacks to steal intellectual property (8%), spam (6%), internal attacks (5%), natural disasters (2%), and espionage (2%).
It is interesting that ‘internal attacks’ shows up as eighth on the list, considering that many studies paint disgruntled employees and careless staff as a major security concern. In fact, the same report puts careless/unaware employees as the vulnerability with the most increased risk exposure in the past year, followed by outdated security controls, unauthorized access and others.
In another notable finding in the report, the healthcare sector is storing increasing quantities of personally identifiable and sensitive information, but the sector’s awareness of cyber risks is growing and it’s determined to put stronger protections in place.