It seems cyber attacks were more opportunistic last year, departing from their earlier stance for financial gains. “Attacks were increasingly motivated by political and social intent,” states the Verizon 2012 Data Breach Investigations Report.
The report which was released today has coined 2011 as the “Year of Hacktivist.”
The findings reveal a dramatic rise of ‘hacktivism' — which is cyber hacking to advance political and social objectives.
Now in its fifth year of publication, the report spans 855 data breaches across 174 million stolen records — the second highest data loss that the Verizon RISK (Research Investigations Solutions Knowledge) team inferred, since it began collating data in 2004.
Verizon was joined by the United States Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting and Information Security Service and the Police Central e-Crime Unit of the London Metropolitan Police — the five partners that contributed data to the 2012 Data Breach Report. The findings reinforced the international nature of cyber crime; the number of data breaches at 855 is by far the largest that we have seen in any year, Mr Mark Goudie, Managing Principal for the APAC region at Verizon, said.
Breaches originated from 36 countries, an increase from 22 countries across the globe the previous year. Nearly 70 per cent of the breaches were found to have originated in Eastern Europe.
The findings further revealed that 79 per cent of the attacks were opportunistic. “Ninety six per cent were not highly difficult, meaning, it did not require advanced skills or extensive resources; 97 per cent were avoidable,” said Mr Goudie, sharing the report findings.
Attributing external attacks as being largely responsible for data breaches, he said “this group included organised crime, activist groups, former employees, lone hackers and even organisations sponsored by foreign governments. With the rise in external attacks, the proportion of insider incidents declined to 4 per cent in 2011” .
Hacking and malware continued to dominate the cyber attack scene with outsiders taking the easy route to exploit security flaws and gain access to confidential data.
Personally Identifiable Information (PII) became a jackpot for criminals, since it contained personal information including the person's name, contact details and social security number. “In 2011, 95 per cent of the records lost included personal information compared with only one per cent in 2010,” states the finding.
“Many organisations are still not taking steps to prevent data breaches. Enterprises should eliminate unnecessary data, establish essential security controls, monitor and mine event logs for suspicious activity and prioritise security strategy,” suggest Mr Goudie.