Human Nature and Strong Adversary Fiction

“The bad guys entered through an old blog post from 2012 and hit us hard. It was a State Actor, and our network is now under the control of Chinese Hackers who are wiping us out.” Yeah... okaay.

First Published 23rd October 2019 |  Latest Refresh 3rd February 2022

Those who are breached often make immediate assumptions that bear no resemblance to what just happened.  

3 min read  |  Reflare Research Team

When reading notifications or press releases from large organizations after a breach has occurred, one gets the impression that all hacks are performed by highly advanced adversaries. Barely a day goes by where the loss of customer data isn’t blamed on APTs, State Actors or obscure hacking collectives. But the truth is usually much more boring and embarrassing.

Fault and perception

One of the reasons for this phenomenon is perception management. Many sources - including us - will gladly point out that there is very little any defender can do against a well-funded state actor. So by pretending that every breach is caused by an attacker of this calibre, organizations try to avoid responsibility for breaches.

To use a metaphor, a museum security guard would rightfully be reprimanded for not stopping an unarmed teenage vandal. But if the North Korean military chose to attack, everyone would agree that abandoning his post was the right choice.

What is important to note, however, is that most large-scale breaches are not of the “North Korea” variety. They aren’t even of the “teenage vandal” variety. Most breaches are of the “we left the door open and the wind blew rain inside which destroyed several exhibits” variety.

The reality of breaches

The vast majority of breaches are caused by perfectly preventable issues. These range from AWS S3 buckets set to be open to anyone, to phishing attacks against untrained employees, to vulnerable software that hasn’t been updated in months, to weak or default passwords used to protect critical systems.

Case in point, according to a class-action lawsuit filed against Equifax in the US, the company had the password and username for a portal containing customer information set to “admin” and “admin” respectively.

Chill your assumptions

Advanced cyber attacks are very real and a significant problem for governments and large organizations. But the vast majority of breaches don’t happen because of them. Instead, they happen due to gross oversights and poor training of staff. The good news here is that these problems can be addressed.

Always be wary when a breached entity starts talking about the advanced and powerful adversaries behind the attack. While such adversaries do cause breaches, invoking them is too often a perception management tactic to push immediate blame away from a far less exciting reality.

However, if you really must come up with some outlandish excuse for why you were breached, you should consider staying abreast of the latest IT security trends, cybersecurity developments and data breaches to ensure you don't use one that's already been taken! Conveniently, we can help out with this - Subscribe to Reflare's newsletter. Additionally, check out the related research on the topic below.