19th-20th November 2011 - Melbourne, Australia
2010 will be remembered for many things, but from a cybercrime point of view we have seen an increasing amount of commoditisation of cybercriminal activities. This may surprise many people because in 2010, Stuxnet, a worm specifically written to target SCADA systems, became a significant factor in information security circles and this is certainly anything but a commoditised threat.
The real-world threat that should worry every person responsible for the protection of systems against cybercriminals, and that is all of us, is that many of the threats we face have now become commodities, with cybercriminals looking for soft targets. Many organisations would take this as a sign that they are not at risk, as they would not consider their environments a soft target. However, with complacency comes risk, and risk leads to opportunities for data compromise.
The analysis that we have done over the last four years across the many hundreds of cases we have investigated, as well as those provided to us by law enforcement agencies on two continents, leads us to believe that the vast majority of data breaches are not high technology movie plots. Typically, they are a series of small errors that provide enough opportunity for an attacker to gain access to the critical data. The key recommendations from the analysis in the DBIR revolve around a few simple factors. Firstly, many organisations do not really know where their critical data is located. If you do not know where your critical data is located, it cannot be effectively protected. Huge numbers of attacks target data the victim is unaware they are storing. Secondly, really monitoring logs is a great way to reduce the chances of attackers stealing large amounts of data from your organisation. Lastly, the information security basics, if done consistently everywhere, are sufficient to prevent a data breach in most cases.
Mark Goudie is the Verizon Business managing principal for Investigative Response in Asia/Pacific and brings more than 20 years' experience in IT to this role. He specializes in computer forensics, incident response, and e-Discovery and has held this role since 2007.
In 2005 and 2006, Goudie was a member of the SANS (SysAdmin, Audit, Network, Security) Institute expert panel that identifies the top 20 Internet security threats to business and organizations. The institute operates the Internet's early warning system, known as the Internet Storm Center, and collects, researches and maintains documents about Internet security.
He is a joint author of the Verizon Business Data Breach Investigations Report and is a regular speaker at industry conferences including AusCERT, OWASP, PCI DSS, Ruxcon, and the INTERPOL Information Security Conference.