Give me your keys and your wallet
In 2013, far and away the favorite data type to steal was Payment card information. Back in those days, criminals would walk a long way (barefoot, in the snow, uphill both ways) to obtain this type of data (and they were thankful for the opportunity!). Following that, Credentials were a fan favorite, and Internal and Secret data were also very much in vogue. Examining the types of data stolen today, in both small and large organizations, we see that Payment card data is so last year. Today’s criminal (lacking the work ethic of 2013) is primarily concerned with obtaining Credentials, regardless of the target victims’ size. Personal data also seems to be highly sought after, irrespective of the size of an organization. After those two heavy hitters, it becomes too close to call between Medical, Internal or Payment data.
Another change from 2013 is the types of assets commonly attacked. Back then, the top asset for large companies (47%) was an ATM, while Point of Sale (PoS) controllers (34%) (followed closely at 29% by the Point of Sale terminal) were the top assets for small organizations. All of those assets have now fallen entirely off the list for both org types. Nowadays, organizations regardless of size are troubled with attacks on User devices, Mail servers and People (social attacks).
No time like the present
Moving on to the differences in the dataset for this year alone (otherwise we can’t talk about patterns), the top attack patterns for small organizations were Web Applications, Everything Else and Miscellaneous Errors, with none of them emerging as the obvious winner. Meanwhile, large organizations are contending with Everything Else, Crimeware and Privilege Misuse as their main issues. Web Applications attacks are self-explanatory, while the Everything Else pattern is a pantechnicon stuffed with bits and bobs that do not fit anywhere else. Packed away in here you will find attacks such as the business email compromise—a social attack in the form of phishing, purporting to be from a company executive who is requesting data or a wire transfer. Miscellaneous Errors is a wide-ranging pattern that encompasses the many means (and they are legion) by which someone you employ can hurt your organization without malicious intent. The Crimeware pattern is your garden-variety malware and tends to be deployed by criminals who are financially motivated. Finally, Privilege Misuse is an act (usually malicious in nature) in which an Internal actor can ruin both your day and your brand.
When examining Timeline data, we noticed that the number of breaches that take months or years to discover is greater in large organizations (Figure 113) than in small organizations (Figure 114). This seems a bit counterintuitive. On the one hand, large organizations have a much larger footprint and could possibly be more likely to miss an intrusion on an internet-facing asset that they forgot they owned, but small orgs have a reduced attack surface so it might be easier to spot a problem. On the other hand, large orgs typically have dedicated security staff and are able to afford greater security measures, whereas small businesses often do not. Whatever the reason, there is a rather marked disparity between them with regard to Discovery.