Since hacktivism is a factor in more than half the breaches, outsiders predominantly lead attacks.
advance political and social objectivesaccounted for 58 percent of the data
stolen last year, according to Verizons annual data breach report. The latest
study found the trend contrasts sharply with the data breach pattern of the past
several years, during which the majority of attacks were carried out by cyber-criminals,
whose primary motivation was financial gain.
Nearly four-fifths (79
percent) of the attacks represented in the report were opportunistic. Of all the
attacks covered in the report, 96 percent were not highly difficult.
Additionally, 97 percent were avoidable, without the need for organizations to
resort to difficult or expensive countermeasures. The report also contains
recommendations that large and small organizations can implement to protect
External attacks remain
largely responsible for data breaches, with 98 percent of them attributable to
outsiders. This group includes organized crime, activist groups, former
employees, lone hackers and even organizations sponsored by foreign
governments. With a rise in external attacks, the proportion of insider
incidents declined again this year, to 4 percent. Business partners were
responsible for less than 1 percent of data breaches.
Since hacktivism is a factor
in more than half the breaches, outsiders predominantly led attacks. Only 4
percent of attacks implicated internal employees. In particular, personally
identifiable information (PII) has become a jackpot for criminals. PII, which
can include a persons name, contact information and Social Security number, is
increasingly becoming a choice target. In 2011, 95 percent of records lost
included personal information, compared with only 1 percent in 2010.
With the participation of
our law enforcement partners around the globe, the '2012 Data Breach
Investigations Report' offers what we believe is the most comprehensive look
ever into the state of cyber-security, said Wade Baker, Verizons director of
risk intelligence. Our goal is to increase the awareness of global cyber-crime
in an effort to improve the security industrys ability to fight it while
helping government agencies and private sector organizations develop their own
tailored security plans.
In terms of attack methods,
hacking and malware have continued to increase. In fact, hacking was a factor
in 81 percent of data breaches and in 99 percent of data lost. Malware also
played a large part in data breaches; it appeared in 69 percent of breaches and
95 percent of compromised records. The report concluded external attackers
favor hacking and malware, as these attack methods allow them to attack
multiple victims at the same time from remote locations.
The report demonstrates
that, unfortunately, many organizations are still not getting the message about
the steps they can take to prevent data breaches, Baker said. This year, we
have segmented our recommendations for enterprises and small businesses in the
hope that this will make our suggestions more actionable. Additionally, we
believe greater public awareness about cyber-threats and user education and
training are vitally important in the fight against cyber-crime.
Now in its fifth year of
publication, the report covers 855 data breaches across 174 million stolen
recordsthe second-highest data loss that the Verizon Risk team has seen since
it began collecting data in 2004. Verizon was joined by five partners that
contributed data to this years report: the United States Secret Service, the
Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish
Reporting and Information Security Service and the Police Central e-Crime Unit
of the London Metropolitan Police.