
Verizon reveals data breach sources

More than 47 000 security incidents are reported in Verizon's 2013 Data Breach Investigations Report.

By Nicola Mawson, Contributor.
Johannesburg, 24 Apr 2013
More than half of all attacks in the past year used some form of hacking, notes a new report.

More than half of the 44 million records compromised last year were exposed through hack attacks, while external parties committed the bulk of the 47 000 incidents reported in Verizon's 2013 Data Breach Investigations Report.

The recently-released report, which incorporates findings from 19 other entities around the globe, covers last year, and the dataset is the largest Verizon has ever covered in any single year. The report spans more than 47 000 reported security incidents, 8 621 confirmed disclosures, and at least 44 million compromised records.

"Over the entire nine-year range of this study, that tally now exceeds 2 500 data disclosures and 1.1 billion compromised records."

According to the report, 52% of breaches were via hacking, some 40% from malware, 76% of network intrusions exploited weak or stolen credentials, and 35% involved physical attacks. Some 29% leveraged social tactics, and 13% arose from privilege misuse and abuse.

Verizon points out that some attacks used multiple methods, although the one-two combination of hacking and malware struck less often in 2012.

Inside job

The bulk of the attacks, at 92%, were perpetrated by outsiders, with 14% committed by insiders, and around two-thirds of breaches remained undiscovered for months or longer. "An organisation will always have more outsiders than insiders, and the Internet connects criminals to a virtually limitless host of potential victims," says the report.

Verizon explains that many figures do not add up to 100%, because several items can apply to any one given incident.

"The vast majority of 2012 breaches involve outsiders, though their exclusivity appears somewhat curbed when compared to 2011. The two big reasons for the dominance of external actors are their numerical advantage and greater attack scalability."

The report notes that most insider breaches were deliberate and malicious in nature, and the majority was financially motivated.

"Of course, not all insiders are about malice and money. Inappropriate behaviours such as 'bringing work home' via personal e-mail accounts or sneakernetting data out on a USB drive against policy also expose sensitive data to a loss of organisational control."

Some breaches, although not common, also involved sending sensitive documents to the wrong recipients, as well as less-frequent mistakes by system administrators and programmers. "For instance, one incident in our caseload involved an errantly configured application debug setting that caused sensitive financial data to be stored insecurely and exposed to unauthorised parties."

Victims

Most of the attacks were against financial institutions, at 37%. Verizon says this was mainly due to a large number of ATM skimming incidents. Once skimming attacks are filtered out, the sector drops down the list, it says.

The report notes that 24% of breaches took place in retail environments and restaurants, while 20% of network intrusions involved manufacturing, transportation, and utilities. In addition, the same percentage of network intrusions hit information and professional services firms.

More than half of all external breaches tie to organised criminal groups, reflecting the high prevalence of illicit activities associated with threat actors of this ilk, such as spamming, scamming, payment fraud, account takeovers and theft.

Verizon says professional criminals are driven by a money motive. "As economic and social activities continue to go online, criminals will follow in order to exploit the soaring amount of data that can be (all too easily) converted to cash."

For more than 75% of the breaches in the dataset, the threat actor's country of origin was discoverable, and these were distributed across 40 different nations, says the report. The majority of financially-motivated incidents involved actors in either the US or Eastern European countries, it adds.

The bulk of espionage cases, at 96%, were attributed to threat actors in China and the remaining 4% were unknown.

"This may mean that other threat groups perform their activities with greater stealth and subterfuge. But it could also mean that China is, in fact, the most active source of national and industrial espionage in the world today."

Learn more

You can uncover more on cyber security at ITWeb Security Summit 2013, on at the Sandton Convention Centre from 7 to 9 May.

These top-level speakers will unravel the issue, and provide usable, practical information:

* Keynote speaker Misha Glenny will discuss the struggle for the Internet, with emphasis on Web control, crime, commercial espionage, spying and warfare.
* Johann van der Merwe, global head of information security at De Beers Group, will discuss integrating information security with world-class physical security, and what can be gained from this approach.
* Lessons learned from the trenches of targeted attacks: Robert McArdle, manager of Trend Micro's Advanced Threat Research team for EMEA.
* A higher-level approach to cyber security: Key principles to prepare for, defend against and respond to threats: Inbar Raz, malware research, Check Point.
* Cyber threat combating initiatives planned for Africa: Craig Rosewarne, founder, chairman and MD of ISG / Wolfpack Information Risk.
* Offence-oriented defence: Dominic White, CTO, SensePost.

