Strong Adversary Fiction
When reading notifications or press releases from large organizations after a breach has occurred, one gets the impression that all hacks are performed by highly advanced adversaries. Barely a day goes by when the loss of customer data isn’t blamed on APTs, state actors or obscure hacking collectives. But the truth is usually much more boring and embarrassing.
Fault and perception
One of the reasons for this phenomenon is perception management. Many sources - including us - will gladly point out that there is very little any defender can do against a well-funded state actor. So by pretending that every breach is caused by an attacker of this caliber, organizations try to avoid responsibility for breaches.
To use a metaphor, a museum security guard would rightfully be reprimanded for not stopping an unarmed teenage vandal. But if the North Korean military chose to attack, everyone would agree that abandoning his post was the right choice.
What is important to note, however, is that most large-scale breaches are not of the “North-Korea” variety. They aren’t even of the “teenage vandal” variety. Most breaches are of the “we left the door open and the wind blew rain inside which destroyed several exhibits” variety.
The reality of breaches
The vast majority of breaches are caused by perfectly preventable issues: AWS S3 buckets set to be open to anyone, phishing attacks against untrained employees, vulnerable software that hasn’t been updated in months, and weak or default passwords used to protect critical systems.
Case in point, according to a new class-action lawsuit filed against Equifax in the US, the company had the password and username for a portal containing customer information set to “admin” and “admin” respectively.
Advanced cyber attacks are very real and a significant problem for governments and large organizations. But the vast majority of breaches don’t happen because of them. Instead, they happen due to gross oversights and poor training of staff.
Always be wary when a breached entity starts talking about the advanced and powerful adversaries behind the attack. While such adversaries do cause breaches, invoking them is too often a perception management tactic.