Edward Tavares, Information Technology Internal Audit Manager for Hawaiian Electric Industries, drew on his academic studies in enterprise computing, anti-terrorism, electronic tracking and surveillance, as well as his wide ranging career at Verizon, BBN Communications and the U.S. Secret Service to discuss “Cyber Threats of Today and Tomorrow.. What Can We Do?”
Based on reports of incidences from 95 countries, cyberthreats in 2013 comprised more than 63,000 security incidents and 1,367 confirmed data breaches. While the universe of threats seems limitless, further analysis of 100,000 security incidents over the past 10 years showed that 92% of the breaches can be described by just nine patterns:
- Point-of-sale intrusions
- Payment card skimmers
- Physical theft and loss
- Web app attacks
- Denial of Service (DOS) attacks
- Insider Misuse
- Miscellaneous Errors
Ten years of lessons on cybersecurity have shown
that breaches can affect all industries and all sizes
of organization. The frequency of specific incidents
varies by industry. For example, 75% of attacks on the Travel/Hospitality industry targeted Point of Sale devices and systems, while 75% of incidents in Financial Services came from web app attacks, Denial of Service, and card skimming. In the public sector, only four patterns accounted for 98% of attacks: 34% errors, 24% insider misuse, 21% crimeware, and lost/stolen assets (19%).
Attackers have gotten faster at breaching systems, and while defenders are also getting faster, they are falling farther behind. Many successful breaches are detected by third parties, such as law enforcement agencies, specialist fraud detection organizations, or even customers.
Questions that investigators and auditors can ask when investigating IT-related data:
- What digital information do we have?
- Where do we keep it?
What is the risk associated with that data?
- Who has access to it?
- When was it last accessed?
- When it gets breached how do you respond?