Kroll Advisory Solutions Releases 2013 Cyber Security Forecast
December 20, 2012
Highlights the Top Four Cyber Security Concerns Organizations Aren’t Talking About, But Should Be
NASHVILLE, TN — Global investigations firm Kroll Advisory Solutions today released its 2013 Cyber Security Forecast, highlighting the most unexpected cyber issues organizations will confront in the year ahead and best practices for addressing them.
“Unless the Mayans are right, 2012 will end and 2013 will begin anew, and organizations across all industries will still be responsible for ensuring their data security practices are airtight,” said Alan Brill, senior managing director at Kroll Advisory. “While last year’s vulnerabilities will continue to haunt organizations that have yet to evolve their policies and procedures — from encrypting data to regularly changing passwords — there are many challenges and solutions that have yet to be explored. For this reason, we’ve decided to deviate from our respected peers in the industry and take a new tack with our 2013 predictions: addressing the issues organizations aren’t talking about, but should be.”
Below, Kroll offers four unexpected cyber forces to be reckoned with in 2013 and recommendations for addressing them:
1. Vampire Data: Organizations Get Bitten by the Data They Never Knew They Had
Data exists in myriad locations and in a multitude of formats within an organization, and we’ve seen too many instances where clients just didn’t know the data existed until they experienced an attack. We call this vampire data — basically, any data that can’t seem to be killed, but comes back to drain the life out of the organization. Examples include backup tapes and archiving that go back decades (even though they were scheduled to be destroyed); emails that should be destroyed after 90 days but exist indefinitely on employees’ desktops; and material that has been copied to portable or cloud storage without the organization’s consent or knowledge. While it may not be a sanctioned copy of data, it may still be a discoverable one, and it can certainly be stolen or lost, causing a data breach that just shouldn’t have happened.
What organizations can do now to prepare: Take a data inventory, classify it by confidentiality or sensitivity level, and handle it accordingly. Only allow users to access the data they need and provide employees with regular data handling training to avoid unnecessary data propagation or transmission. Investigating a breach of vampire data can put significant strain on internal resources, so it is a good idea to engage an outside consultant to help you determine what was lost.
2. Forgotten Forensics: Organizations Gain New Appreciation for Data Forensics in the Wake of a Breach
Like any applied science, forensics requires certain real-world tools and applications in order to be successful. During a forensics investigation, we sometimes have limited resources at our disposal because organizations aren’t properly logging or documenting their activities. As a result, organizations will spend more money to discover whether the breach occurred and what was lost, and may wind up sending notifications based on reasonable assumption rather than concrete evidence of exposure. As organizations come to understand the reputational and financial importance of forensics investigations, we will see a shift.
What organizations can do now to prepare: Turn on your logs and make sure they are retained long enough to be useful. But it’s also helpful to perform a security assessment and train key employees in the basics of immediate breach response. Those employees who are most likely to be first responders in a breach should know how to respond without wiping out vital evidence needed to understand the incident, or if applicable, meet the requirements set by the cyber insurance policy carrier.
3. Hackers Out for the Kill: Hackers Aren’t Out to Steal Your Data, They’re Out to Destroy Your Company
It used to be that insider attacks were generally perceived as the most malicious — if a breach was perpetrated by a malicious insider, especially one with an axe to grind and easy access to sensitive information, the results could be pretty nasty. But the latest batch of cyber attackers are delving deeper into the cyber warfare and cyber terrorism space. They have a rapidly evolving ideology and agenda — namely, they are coming to destroy the secure network, erase pertinent data, wreak havoc with physical equipment, and ultimately take your company down. Kroll worked on a handful of very large engagements in 2012 that involved this type of attack, and in each case, the company was hit by an attack that destroyed data on a large number of machines throughout the global enterprise.
What organizations can do now to prepare: While this seems like a problem strictly for large enterprises, players are already beginning to develop and deploy these tactics on organizations of all sizes and in all industries. These groups may be looking for profit, perhaps holding your data for ransom, but the end result is still the same, and the stakes are high. Make sure you have a backup plan. Don’t assume that because you have backup tapes you have a plan for restoration. If you are outsourcing IT functions, make sure your third parties understand their role in getting you back up and running — and you’ll want to test their ability to do so.
4. The Gift of Gab: The Luxury of Nondisclosure Is a Thing of the Past
While the academic debate on this issue will continue in 2013, we’ll start to see more and more organizations speaking up — even when the loss is not personally identifiable or protected health information (PII and PHI). In some cases, nondisclosure will simply not be an option. For instance, if you experience a data destruction attack, everyone will know once your systems are down. In other instances, the stakes will be too high; the threat will be insurmountable without help from security consultants and government entities. We’ve already seen an increase in the number of breaches where clients have been notified by a government entity or security firm that they’ve lost sensitive data; we expect to see that trend only accelerate in 2013.
What organizations can do now to prepare: It is becoming increasingly important to contract with outside resources — an investigation and forensics partner, a privacy law firm, and/or a breach notification partner. When a security incident occurs, having providers in place to assist with the investigation, advise on current legal requirements, and prepare a response should it experience a breach of PII will save time and expense for the affected organization.
“If we’ve learned one thing from the changing climate of data security in 2012, it is that 2013 will definitely not be a time to employ the same old tactics,” said Tim Ryan, managing director at Kroll Advisory. “Boards of Directors are becoming more engaged on this subject, in part because it deals with corporate risk and also because the regulators are on the lookout. 2013 will require a review of information security governance, identification of information risk and controls, and preparation for the inevitable: a breach of sensitive data, a looming threat for every organization.”
About the Experts
Alan Brill, CISSP, CFE, CIPP, FAAFS
Alan Brill consults with law firms and corporations on investigative issues relating to computers and digital technology, including the investigation of computer intrusions, Internet fraud, identity theft, misappropriation of intellectual property, cases of internal fraud, data theft, sabotage and computer security projects designed to prevent such events. Brill has been an instructor for the FBI, Secret Service, Federal Law Enforcement Training Center, AICPA, ABA, John F. Kennedy School of Government at Harvard and the NATO Center of Excellence — Defense Against Terrorism. He has testified in state and federal courts, before congressional and federal agency committees, and has served as a Special Master for the federal courts. His internal security and control technique formed the basis for the National Aeronautics and Space Administration (NASA) standard for design of secure systems. Alan is author and co-author of six books and has appeared in a wide range of media outlets as a subject matter expert, including 60 Minutes; Dateline NBC; Good Morning America; Time Magazine; US News and World Report; Wall Street Journal; USA Today; NBC, CBS and ABC News; as well as CNN, MSNBC, CNBC, BBC, A&E, CBC, Discovery Networks and Court TV.
Timothy P. Ryan
Timothy P. Ryan joined Kroll’s Cyber Investigations practice in New York after a distinguished career as a Supervisory Special Agent with the Federal Bureau of Investigation (FBI), where he supervised the largest Cyber Squad in the United States. An expert in responding to all forms of computer crime, attacks, and abuse, Tim has led complex cyber investigations involving corporate espionage, advanced computer intrusions, denial of service, insider attacks, malware outbreaks, Internet fraud and theft of trade secrets. From 2009 through 2010, Tim served as Acting Director of the FBI’s New Jersey Regional Computer Forensic Lab, one of the nation’s largest, state-of-the-art digital forensic laboratories. Tim also conducted computer forensic examinations as a member of the FBI’s elite Computer Analysis and Response Team. Tim is an adjunct professor at Seton Hall University School of Law where he teaches cyber crime and cyber security to law students, prosecutors, defense attorneys and homeland security professionals.
About Kroll Advisory Solutions
Kroll Advisory Solutions, the global leader in risk mitigation and response, delivers a wide range of solutions that span investigations, due diligence, compliance, cyber security and physical security. Clients partner with Kroll Advisory Solutions for the highest-value intelligence and insight to drive the most confident decisions about protecting their companies, assets and people.
Kroll Advisory Solutions is recognized for its expertise, with 40 years of experience meeting the demands of dynamic businesses and their environments around the world. Headquartered in New York with offices in 29 cities across 17 countries, Kroll Advisory Solutions has a multidisciplinary team of 700 employees. For more information, visit: www.krolladvisorysolutions.com.