Study: Hackers are getting in 'at will'

At this point, hackers “are bypassing conventional security deployments almost at will,” according to a report out Thursday from security firm FireEye.

Of the 1,200 companies FireEye reviewed in the first half of 2014, every retailer was compromised, every healthcare and pharmaceutical company was breached and all but 9 percent of entertainment and media organizations were infiltrated. And in many industries, these attacks are increasingly launched with the direction or support of a government.

ADVERTISEMENT

It’s bad, FireEye concluded, and not getting better.

“Given the widespread failings of conventional security deployments, organizations must consider a new approach to securing their IT assets,” the firm said.

FireEye collected data between January and June of 2014, using 1,600-plus sensors placed on networks spread across dozens of countries and more than 20 industries.

“The results were a startling indictment of conventional security architectures,” the study said.

Government-backed hackers increasingly focused their efforts on the legal, healthcare, high tech and retail industries in the first half of 2014.

Government-launched intrusions at law firms have doubled since FireEye’s first report on the issue, which covered late 2013. Government-sponsored breaches at healthcare, high tech and retail companies were all up roughly a third.

Overall, just over a fourth of all cyber assaults were supported in some fashion by government officials.

And hackers are not using cutting-edge technology to bypass security systems.

“This continued shortcoming is especially alarming given that nearly all of the advanced malware used in these breaches are well-known to security researchers and vendors,” FireEye said.

Hacks on retailers and the entertainment industry generated headlines in the U.S. throughout 2014. A massive data breach at Home Depot exposed 56 million customers’ sensitive information, thought to be the largest retailer breach on record. The recent debilitating cyberattack on Sony Pictures Entertainment has driven more cyber talk from lawmakers than any previous incident.

Industry groups have argued these attacks could be better thwarted if Congress were to pass legislation to enable the public and private sector to exchange cyber threat information.

Lawmakers have vowed to make such a bill top priority in 2015, but many are skeptical a new Congress can move anything quickly.

“There’s been so much turnover in Congress,” it will take “awhile for Congress to reset,” said Kristen Eichensehr, an international security professor at the University of California, Los Angeles, School of Law and former State Department attorney.