Leapfrogging
More data breaches will leverage account leapfrogging.
Perhaps most famously chronicled in the case of the White House and Office of Personnel Management (OPM) network attacks, leapfrogging is where cyber criminals penetrate the network or a personal computing device of one organization to gain valid credentialed access to another organization. In the case of OPM, it appears that attackers were able to penetrate the government agency's network by first compromising at least one computer at KeyPoint Government Solutions, a provider of investigative services for the U.S. government. From the attack on the government contractor in December 2014, attackers were able to use valid credentials to gain access to the OPM that went undiscovered until April 2015. In the case of the White House, it is believed that attackers first penetrated the State Department to then get access to the White House.
Most data breaches occur as a result of a network attack lasting weeks, months or even years. Attackers generally compromise a user's computer or network account through malware, spear phishing or social networking. Once a cyber criminal has access to just a single computing device or account, they can get network access and begin to systematically explore the unfamiliar network and gain additional points of control.
In 2016, we will see more data-breach leapfrogging, as cyber criminals compromise an initial target to gain access to a primary one.
2016 Security Trends: What's Next for Data Breaches?
2016 Security Trends: What's Next for Data Breaches?
Over the past year, there have been a number of disturbing developments with regards to data breaches. Not only have data breaches become more frequent, but their impact has become greater — not just in the sheer volume of information or assets stolen, but in the very nature of what hackers are targeting. The extremely sensitive data lost in the White House and Office of Personnel Management breaches are prime examples. Unfortunately, given the successful breaches of high-value targets in 2015, we can be sure that 2016 will only get worse.
With this horrifying direction and the gravity of what's at stake, it would be a fair expectation that most enterprises should be seriously looking at how their security needs to change. Obviously, traditional security is of little value when it comes to stopping a data breach. Intruders can easily elude preventative security — generally by compromising a single user device or account — and furtively conduct their business inside a network for months before being discovered.
A big part of the problem is that security organizations are still focused on preventative security — looking for a silver bullet that will keep an attacker out of their networks in the first place. Despite a Gartner recommendation that organizations shift security efforts toward the detection of network intruders and the emergence of promising new behavioral analytic tools and security strategies, well under 1 percent of enterprises have the ability to find a post-intrusion network attacker. Cyber criminals continue to have the potential for unimpeded, long-term success.
So how will attacks change in 2016? In this slideshow, David Thompson, Sr. Director of Product Management, LightCyber, has identified data breach trends we can expect to see in 2016.
