BID Daily Newsletter
June 10, 2016


Data Breach Insights

For many years now, the advisability of genetically modified crops has been bandied about. Now new research is showing that genetically modified crops aren't merely safe--they appear to be good for people and the environment as well. The findings from the National Academies of Sciences, Engineering, and Medicine come as Vermont is poised to become the first state to require the labeling of foods containing genetically modified ingredients. With the market size predicted to reach $1.9B by 2020, at a CAGR of around 7.9% from 2015 to 2020, it's not surprising that food producers are steaming mad and firing back with a legal challenge.
Banks, meanwhile, are fighting a battle of our own--against data breaches. For some broad perspective and prevention tips, consider these tidbits from the 2016 Verizon Data Breach Investigations Report. It analyzed more than 2,260 confirmed data breaches and more than 100,000 reported security incidents.
To start, more needs to be done to combat phishing incidents. Phishing occurs when an end user receives an email from a fraudulent source. Shockingly, 30% of phishing messages were opened, which is 23% higher than the year-earlier report. Further, 12% of those clicked to open the malicious attachment or nefarious link.
One possible solution to this problem is to employ better email filtering systems so that phishing messages never reach an employee's inbox. Enhanced employee training is also critical, as is providing employees with a convenient means to report suspicious email, such as a button on their taskbar. Testing employees with fake phishing messages is another proven technique. Behavioral conditioning decreased susceptible employees' likelihood of responding to malicious email by 97% after just 4 simulations, according to the PhishMe Enterprise Phishing Susceptibility Report.
Another important takeaway: be sure to fix known issues. According to Verizon, most attacks exploit known vulnerabilities that have never been patched, despite patches being available for months, or even years. In fact, the top 10 known vulnerabilities accounted for 85% of successful exploits.
Also pay close attention to password security. Indeed, 63% of confirmed data breaches involved using weak, default or stolen passwords, the report noted.
Verizon also points out a disturbing trend with respect to payment card skimming. According to data from US law enforcement cited in the Verizon report, 94% of breaches in this category were related to ATMs. Unlike in previous years, when detection times edged toward the "days" category, this year's study showed that discovery times have jumped to the "weeks" category. These results drive home the importance of continually checking equipment for potential breaches.
Importantly, some models of ATMs are even designed to be tamper-resistant. If it's time for an upgrade, take a hard look at these models as possible replacements. It also helps to implement controls that can help you spot evidence of tampering. This includes monitoring video footage of the ATM area. You should also train employees and assign them the task of regularly monitoring the physical integrity of your bank's ATMs.
We've touched on this topic before, but data from the Verizon report also drives home the importance of knowing who has access to your data and maintaining tight controls.
Finally, when employees leave, it's critical to make sure they don't walk out with your sensitive data in their pockets only to be genetically altered at a competitor. The Verizon data identified numerous instances where a USB drive was used to transfer data prior to an employee's departure, so look closely here too.
Data breaches are like a bad crop, so by modifying how we operate, we hopefully can lessen harmful effects.