- Is the Chinese cyber-espionage highlighted in the Verizon breach report escalating, or are we just getting a clearer picture of business as usual?
- The larger threat still comes from within our own borders and from Eastern Europe.
The new Verizon Data Breach Investigations Report (DBIR) made for good headlines concerning an increase in what it says is cyber-espionage coming from China. The one-two punch of the earlier Mandiant APT1 report, which offered evidence of the massive cyber-espionage effort conducted by Unit 61398 of China’s People’s Liberation Army, and the new Verizon report puts more pressure on the U.S. government to respond to this apparently increased threat; it also puts the onus on board members of publicly held companies that are targets of espionage to put more resources into the protection of intellectual property. Just the phrase ‘Chinese cyber-espionage’ carries sinister connotations, conjuring up thoughts of attacks on infrastructure, or of increasing competition with Chinese companies using stolen IP and cheap manufacturing as a competitive cudgel.
However, in both reports, we see this more clearly because of improvements in the ability to track the source of attacks. The findings may not represent an increase in such attacks, just a clearer picture of business as usual. What could be lost in the hype is the fact that only 20% of the breaches that Verizon analyzed were cyber-espionage, and the majority of breaches were financially motivated – primarily payment card theft and ATM fraud. The DBIR found that among the 621 data breaches it analyzed, 92% were perpetrated by outside threat actors, and 55% of those were tied to profit-driven, organized crime groups.
Much of this fraud is aimed at or stems from small businesses (especially retail and food services), because cybercriminals know these businesses do not have the resources to mount an effective defense-in-depth strategy. The banks that serve those small businesses aggressively promote online banking to them, not only because it lowers the banks’ operating costs, but also because the banks know that the law (at least in the U.S.) does not hold them responsible for online theft. Change the law to hold them accountable, and voilà, they will put more rigid controls and better security in place to safeguard online transactions with their small business customers.
The larger lesson in this report suggests that we should, perhaps, pay more attention to the threats from within our own borders, as well as from Eastern Europe (e.g., Romania and Russia), where the report says the majority of the financially motivated attacks originate. Financially motivated attacks may not make the headlines much anymore, but they represent a bigger threat to a larger number of businesses, many of which can ill afford the losses.