Perhaps the HAL 9000 computer of 2001 fame said it best, "It can only be attributable to human error." At least that is the sentiment that one gets while reading IBM's recent Security Services 2014 Cyber Security Intelligence Index report.
The report, which is based upon a sample of over 1,000 clients in 133 monitored countries, aims to address three key questions about IT Security:
- What's happening across the threat landscape?
- What kinds of attacks are being launched?
- How many of those attacks result in incidents requiring investigation?
IBM's research into answering those questions proves quite impressive and offers a treasure trove of information for those charged with enterprise security. However, interpreting that information into actionable items may still prove to be a challenge for many IT managers. For example, determining that users are the primary problem is far from crafting a solution.
While countless hours can be spent arguing over the infallibilities of intelligent machines and the shortcomings of end users, it still comes down to offering those same users productivity enhancing solutions that do not compromise security - a age old challenge that arrived with the introduction of computing. Naturally, productivity comes from efficient access to resources, making threat identification a key component of enabling secure access.
IBM's report helps to flesh out some of the areas of concern - for example, the report identifies the top five industries under attack, with Finance and Insurance shouldering some 23.8% of security incidents, Manufacturing impacted by 21.7%, Information and Communication suffering 18.6%, Retail and Wholesale is targeted 6.2% of the time, while Health and Social Services deal with 5.8% of the attacks.
Beyond the obvious speeds and feeds, those numbers constitute a road map for the likelihood of attack, meaning that those business segments with the smaller percentiles are less likely to be targeted. Although that statistic may provide some comfort, it doesn't not eliminate the possibility of attack or excuse security professionals from doing everything possible to protect IT assets and data.
Case in point is the type of attack that is targeted at industries, where malicious code or denial of service based attacks are designed to disrupt operations, while credentials abuse and unauthorized access attacks are usually focused at stealing information. IBM categorized incidents to give some insight into what attacks make up the threat landscape showing that some 38% of attacks involve malicious code, 20% are based upon probes/scans, 19% involve unauthorized access, 12% are categorized as suspicious activity, 9% involve credentials abuse, while just 2% comprise of Denial of Service (DOS) attacks.
Once again, the numbers represent frequency and not the level of damage than can happen - for example, a DOS attack could effectively put an online retailer out of business, while unauthorized access to lead to millions of dollars of intellectual property falling into the wrong hands. Simply put, it all comes down to context and how a particular business is impacted - while some businesses may lack marketable intellectual property, they may be susceptible to credit card information being stolen - so while the numbers offered by IBM prove for a good read, using those numbers for the basis of action items means applying them to the appropriate business case.
Obviously, attacks involve people - either as attackers, victims, or those who have made mistakes. Luckily, those inadvertent actors consist of only 5% of those identified as attackers - indicating that mistakes can happen, but are relatively rare when compared to those with criminal intentions. For example, IBM claims that some 56% of attackers are outsiders, while malicious insiders account for 17%.
The threat from outsiders is most obvious, but many organizations are failing to account for how those threats may propagate into today's networks. The attack vectors have grown beyond brute force attempts, malicious code and even phishing scams - today's outsiders are leveraging social information to better target attacks and gain entry into systems.
IBM correctly identifies how social networking has impacted IT security and makes the point "Rather than seeing a particular enterprise as a single entity, attackers now also look at an enterprise as collections of individuals. That means they decide to target specific people instead of enterprise infrastructures or applications. In other words, the personal lives and business activities of employees can be leveraged to target an enterprise."
For the IT security professional, IBM has provided ample fodder (although self-serving) to light a fire under IT security projects and start deploying technologies that can protect people from themselves as well as businesses from those same people.
Frank J. Ohlhorst is an award-winning technology journalist, author, professional speaker and IT business consultant. He has worked in editorial at CRN, eWeek and Channel Insider, and is the author of Big Data Analytics. His certifications include MCNE, MCSE, A+, N+, L+, and Security+.