Cybercriminals who wage a successful malware attack rapidly target other victims - and the targeted organizations rarely detect the attacks on their own, according to Verizon's latest Data Breach Investigations Report.
"Most of the threat actors want to move quickly in order to be able to continue to reuse their tools, techniques and procedures," Chris Novak, director of investigative response for Verizon's RISK Team, says in an interview with Information Security Media Group at the PCI Security Standards Council's North American Community Meeting in Las Vegas. "So if they have a piece of malware that works ... they want to hit as many victims as they can before they get discovered. ... For them, it's all about speed before their tools get identified."
That's why it's so important that organizations dramatically improve their ability to mitigate malware risks, Novak says.
"In our investigations, it's not usually that we're recommending an organization buy more tools," Novak says. "Usually it's more about improved resources, processes and procedures."
PCI Security Standards Council General Manager Stephen Orfei, who also participated in the interview, says that when it comes to fighting malware attacks, speed is essential.
"We're really going to look at detection, and figure out, 'How can we collapse this timeframe? How can we detect and deter these intrusions in a timely manner, and really look at incident response and encourage tabletop exercises? Don't just have a plan that sits on a shelf - actually execute against it."
Overcoming Resistance to Change
The council is working to educate organizations about the importance of keeping systems and software up to date and implementing other basic security practices. Overcoming resistance to change is a key component, Orfei says. Too often, he says, senior executives "get comfortable with the system and really don't want to change anything."
During this interview, Novak and Orfei also discuss:
The types of attacks targeting different industries;
Why most breaches impacting retailers could have been prevented with easy fixes; and
How phishing attacks continue to be fraudsters' easiest means for breaking into networks and systems.
Novak has been involved with information security for more than 15 years, and has assisted corporations, government agencies and attorneys with computer forensics, fraud investigations and crisis management. He has been an adviser on dozens of high-profile intrusion and data breach investigations around the globe.
Orfei is an industry expert in global payment platforms, e-commerce, mobile payments and cybersecurity. He brings more than 20 years of experience developing and delivering complex global payment solutions to his role as general manager of the PCI Security Standards Council. Orfei has held senior positions at an international telecommunications corporation, security assessment companies, a global payments card brand and in military service.