Tag Archives: breach

FIS Spends Over $100 million in Breach Response

Fidelity National Information Services (FIS), a large banking services company, was hacked in 2011, and information from that breach was used in a $13 million ATM theft. Initial reports said damage was limited to a small portion of its organization. A subsequent audit reveals a much larger breach, plus apparently poor management of its incident response.

  • More than $100 million spent in response to breach
  • An FDIC audit showed that, since the breach and response, many machines still have default passwords, no passwords, or poor passwords
  • An FDIC vulnerability scan found over 10,000 instances of default passwords in use
  • An FDIC report in November 2012 shows 18,747 network vulnerabilities and 291 application vulnerabilities presented as past due



Verizon Data Breach Study & SMB Factors

Verizon just released their 2013 Data Breach Investigations Report (DBIR).  It draws data from work done by several law enforcement agencies, incident-reporting groups, research institutions, and private security firms. It studies over 2,500 confirmed data breaches (representing more than 1 billion records).

Some observations from the report for all company sizes:

  • 75% of attacks were opportunistic, i.e., a specific company or individual was not directly targeted
  • Attackers consisted of activists, criminals, and spies
  • Of the cases of insider sabotage, 50% came from old accounts or back doors that had not been disabled
  • The vast majority of attacks (68%) were considered “Low” difficulty (meaning basic attack methods with little or no customization required)
  • ‘Unapproved’ hardware accounted for 41% of misuse
  • It is taking longer to discover breaches, up 10% from 2012.  This means that the bad guy can operate at will for longer periods of time.

Some observations for small and medium-sized businesses (employee count < 1000):

  • In companies with fewer than 100 employees, retail had an exceptionally large exposure, followed by food services companies
  • 57% of attacks were from organized crime and 20% were state-affiliated
  • 72% of attacks were from hacking, 54% from malware, and 32% from social media
  • In 86% of the attacks, spyware or keyloggers were installed as a part of the attack
  • SMBs are at higher risk for ransomware schemes
  • Desktop sharing was the primary attack vector for hacking attacks on SMBs
  • Email was the primary vector for social attacks
  • Unapproved hardware contributed to misuse in 52% of cases in small and medium-sized companies (compared with only 22% of large companies)
  • Point-of-sale devices were the most often attacked information asset for SMBs

2013 Data Breach Investigations Report

Executive Summary