Insider attacks are the biggest source of trouble for financial services firms while high-tech firms have a trouble keeping track of security configurations leaving gaping holes for hackers, according to a report released today by Verizon Business.
"Financial services firms do a great job of watching and tracking traffic from and to the enterprise, but it's their own employees that represent the biggest threat."
Bryan Sartin, Director of the Investigative Response Team, Verizon Business
Verizon issued a supplemental analysis of its
The analysis shows that in all four of the industries, Web facing application vulnerabilities and remote access control issues often led to a data breach. Payment card data was the biggest draw of attackers.
Verizon said insiders represent the greatest threat to financial services firms. More than 42% of Verizon's investigative response unit's cases involved employee deceit and 32% of the case load represented the misuse of information.
"Financial services firms do a great job of watching and tracking traffic from and to the enterprise, but it's their own employees that represent the biggest threat," said Bryan Sartin, director of the Investigative Response team at Verizon Business.
Sartin said 68% of the cases in the financial services industry were opportunistic, while only 32% were a directly targeted attack.
"It often involves the abuse of privileges," he said. "No one is looking so there's an opportunity factor."
Sartin said the analysis found that attacks on financial services firms take longer and are more sophisticated, often involving more than one person. Discovery can take weeks, although financial services organizations generally learn of breaches more quickly than other types of organizations, Sartin said.
The use of the more advanced technologies at high-tech firms often lead to system configuration issues and vulnerable systems. High-tech organizations also have trouble keeping track of data sources making them further vulnerable to a data breach, according to Verizon.
Hacking and malware represented a larger threat to high-tech firms with 45% of data breach cases involving hacking and 32% of the cases involving some form of malware.
The retail industry represented the greatest portion of the overall cases analyzed. In many cases, retailers left remote access connections open, even if they were no longer used. Overall, attacks against this industry are largely opportunistic, seeking quick payloads of data that can easily be used for fraudulent purposes, Verizon said.
Sixty-eight percent of attacks on retailers involved hacking with the attackers taking advantage of an open VPN connection or weak wireless security. Sartin said that in many cases vulnerable point-of-sale systems were to blame.
"Increasingly breaches are repetitive and we can see a pattern in the types of systems being exploited," Sartin said. "When we get calls with a potential problem we know to look at the POS system right away."
Point-of-sale systems were also a major problem for the food and beverage industry. Restaurants and hotels were being consistently attacked based on the type of POS system they were running, Sartin said. In many cases criminals used an exploited POS system to stage additional attacks.
About 95% of all data stolen from the food and beverage industry was from Internet facing systems. The attacks are external and rely on poor security configurations and software vulnerabilities. Once hackers find a pathway into a system, Sartin said they look for other restaurant chains, hotels or beverage companies with similar systems.
"It's easy to go after the vendors that support the POS systems," Sartin said.
The full Verizon data breach report is available for free from Verizon Business.