
007 Life Lessons through the Verizon Breach Report: #4 Importance of country

Published by Sabrina Pagnotta on December 10, 2020

We continue with our “007 Life Lessons through the Verizon Breach Report” series, which combines lessons from the gadget-wielding international crime-fighter James Bond with data from the DBIR to help secure our enterprises. Today it is the turn of lesson 4: Importance of country.

These lessons come from a recent presentation by our CEO Anders Norremo and Jason Torres from Rush University Medical Center at the 7th Annual Hacking Conference by ISACA and The Institute of Internal Auditors.

The importance of country

According to the following numbers from the FBI Internet Crime Complaint Center (IC3), the enemy is usually closer than we think or expect:

[Figure: threat actor location, Verizon Data Breach Report]

With a significant number of attacks coming from the victim’s own country, state or city, it’s worth a look inside. Do we have a constant view of who is attacking our firewalls, sending malicious emails, or poking at our web apps?

As we saw in a previous life lesson about identity, many of the breaches we commonly see involve some sort of identity hijacking or impersonation. The proliferation of SaaS, combined with the uptick in remote work during the pandemic, exacerbated the credential problem, as there are too many users getting into too many systems. 

Do we know ourselves and our security teams? How can we ensure that identity is being checked both inside the business and in our third parties?


Fortunately, we live in a country that wants to help. Apart from working on improving our cybersecurity game, we can always turn to the agencies in the US to help with our security posture. We need to work together – hence the “importance of country” that inspired this life lesson. 


The FBI and the Secret Service Electronic Crimes Task Force are examples of authorities that could certainly help discuss scenarios and offer their insights on cyber crime issues. It’s worth making strategic partnerships to protect our enterprises.

How does this relate to the Verizon Data Breach Investigation Report and James Bond?

Verizon’s breach report draws parallels to the Bond movies when it comes to financial motivations. For example, SPECTRE is a commercial enterprise seeking financial gain, and antagonist Elliot Carver was driven by owning the biggest news network on the planet.

They are financially motivated, and so are today’s cybercriminals, according to the report. In fact, the actor motive in the great majority of data breaches is financial, far ahead of espionage.

[Figure: actor motive over time in breaches]

Another interesting takeaway is that when we look at the actors, we find that employees are not the weakest link, although we usually hear the opposite.

James Bond had double agents who would backstab him from time to time, but most often the enemy was well known and defined. The same thing happens in the real world.

We can’t ignore the fact that 30% of data breaches are linked to internal actors. But while some are criminal in nature, the report says many are simple mistakes. The rise in internal actors in the dataset over the past few years is probably an artifact of increased reporting of internal errors rather than evidence of actual malice from internal actors.

Back to the core of this blog, our advice is to work together with industry peers and the federal government to help strengthen your security posture.

“It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.”

-Sun Tzu, “The Art of War”

Are you turning to your country for help?



