'Hacktivism' Reigned in 2011: Verizon

Since hacktivism is a factor in more than half the breaches, outsiders predominantly lead attacks.

Hacktivism€”cyber-hacking to advance political and social objectives€”accounted for 58 percent of the data stolen last year, according to Verizon€™s annual data breach report. The latest study found the trend contrasts sharply with the data breach pattern of the past several years, during which the majority of attacks were carried out by cyber-criminals, whose primary motivation was financial gain.

Nearly four-fifths (79 percent) of the attacks represented in the report were opportunistic. Of all the attacks covered in the report, 96 percent were not highly difficult. Additionally, 97 percent were avoidable, without the need for organizations to resort to difficult or expensive countermeasures. The report also contains recommendations that large and small organizations can implement to protect themselves.

External attacks remain largely responsible for data breaches, with 98 percent of them attributable to outsiders. This group includes organized crime, activist groups, former employees, lone hackers and even organizations sponsored by foreign governments. With a rise in external attacks, the proportion of insider incidents declined again this year, to 4 percent. Business partners were responsible for less than 1 percent of data breaches.

Since hacktivism is a factor in more than half the breaches, outsiders predominantly led attacks. Only 4 percent of attacks implicated internal employees. In particular, personally identifiable information (PII) has become a jackpot for criminals. PII, which can include a person€™s name, contact information and Social Security number, is increasingly becoming a choice target. In 2011, 95 percent of records lost included personal information, compared with only 1 percent in 2010.

€œWith the participation of our law enforcement partners around the globe, the '2012 Data Breach Investigations Report' offers what we believe is the most comprehensive look ever into the state of cyber-security,€ said Wade Baker, Verizon€™s director of risk intelligence. €œOur goal is to increase the awareness of global cyber-crime in an effort to improve the security industry€™s ability to fight it while helping government agencies and private sector organizations develop their own tailored security plans.€

In terms of attack methods, hacking and malware have continued to increase. In fact, hacking was a factor in 81 percent of data breaches and in 99 percent of data lost. Malware also played a large part in data breaches; it appeared in 69 percent of breaches and 95 percent of compromised records. The report concluded external attackers favor hacking and malware, as these attack methods allow them to attack multiple victims at the same time from remote locations.

€œThe report demonstrates that, unfortunately, many organizations are still not getting the message about the steps they can take to prevent data breaches,€ Baker said. €œThis year, we have segmented our recommendations for enterprises and small businesses in the hope that this will make our suggestions more actionable. Additionally, we believe greater public awareness about cyber-threats and user education and training are vitally important in the fight against cyber-crime.€

Now in its fifth year of publication, the report covers 855 data breaches across 174 million stolen records€”the second-highest data loss that the Verizon Risk team has seen since it began collecting data in 2004. Verizon was joined by five partners that contributed data to this year€™s report: the United States Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting and Information Security Service and the Police Central e-Crime Unit of the London Metropolitan Police.