I'm finally getting around to leafing through Verizon's 2013 Data Breach Investigations Report. Nothing surprises me here, but there are some interesting details that illustrate how hard the task of data security continues to be for many enterprises.
Verizon analyzed 47,000 reported security incidents from 28 different countries for this report, also drawing on data from 19 security organizations. "The 2012 combined dataset represents the largest we have ever covered in any single year, spanning 47,000-plus reported security incidents, 621 confirmed data disclosures, and at least 44 million compromised records (that we were able to quantify)," the report says. "Over the entire nine-year range of this study, that tally now exceeds 2,500 data disclosures and 1.1 billion compromised records."
Here are some of the talking points in the report:
Taking the top spot for all breaches in the 2013 report is financially motived cybercrime (75 percent), with state-affiliated espionage campaigns claiming the No. 2 spot (20 percent). Breaches in the No. 2 spot include cyberthreats aimed at stealing intellectual property -- such as classified information, trade secrets and technical resources -- to further national and economic interests. The 2013 DBIR also found that the proportion of incidents involving hacktivists -- who act out of ideological motivations or even just for fun -- held steady; but the amount of data stolen decreased, as many hacktivists shifted to other methods such as distributed denial of service (DDoS) attacks. These attacks, aimed at paralyzing or disrupting systems, also have significant costs because they impair business and operations.
External attacks remain largely responsible for data breaches, with 92 percent of them attributable to outsiders and 14 percent committed by insiders. This category includes organized crime, activist groups, former employees, lone hackers and even organizations sponsored by foreign governments. As in the prior year’s report, business partners were responsible for about 1 percent of data breaches. In terms of attack methods, hacking is the No. 1 way breaches occur. In fact, hacking was a factor in 52 percent of data breaches. Seventy-six percent of network intrusions exploited weak or stolen credentials (user name/password); 40 percent incorporated malware (malicious software, script or code used to compromise information); 35 percent involved physical attacks (such as ATM skimming); and 29 percent leveraged social tactics (such as phishing).
The proportion of breaches incorporating social tactics such as phishing was four-times higher in 2012, which, according to the breach report, is directly related to the tactic’s widespread use in targeted espionage campaigns. Additionally, the compromise-to-discovery timeline continues to be measured in months and even years, as opposed to hours and days. Finally, third parties continue to detect the majority of breaches (69 percent).
And here are a couple of infographics: