Verizon's 2012 Data Breach Investigations Report reveals the dramatic rise of “hacktivism”, or cyber hacking to advance political and social objectives.
In 2011, 58% of data stolen was attributed to hacktivism, a trend that contrasted sharply with the data-breach patterns of previous years in which most attacks were carried out by cyber criminals.
The report also noted that 79% of attacks were opportunistic, meaning this type of attack still outweighs targeted attacks.
"Targeted attacks tend to get more coverage because, although they are lower in volume, they are usually high-impact," said Wade Baker, Verizon’s director of risk intelligence.
Of all attacks investigated, 96% were not very difficult and 97% of breaches could have been avoided without resorting to difficult or expensive countermeasures.
Most attacks are carried out by organised cyber criminal groups who target small and medium businesses using simpler attacks, said Baker.
"This is the cyber criminals' business model. They commoditise attacks so that they can be repeated frequently, with low risk of being detected or caught," he said.
With theft of intellectual property, for example, attacks tend to be more sophisticated and more targeted.
Baker said so many organisations are still susceptible to simple attacks because of a combination of several factors.
Smaller companies tend to ignore the fact that they can be attacked by organised criminals because they have a point-of-sale system; many smaller companies outsource system maintenance and security, but service providers are not always as capable as they should be; and, while larger companies may have the knowledge, IT security teams have the additional challenge of thousands of systems and devices spread over different geographical locations, he said.
Global extent of cyber crime
The fifth annual report covers 855 data breaches involving 174 million stolen records. This was the second-highest data loss the Verizon Risk team had seen since it began collecting data in 2004.
Data was contributed by the US Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting & Information Security Service and the Police Central e-Crime Unit of the London Metropolitan Police.
“With the participation of our law enforcement partners around the globe, the 2012 Data Breach Investigations Report offers what we believe is the most comprehensive look ever into the state of cyber security,” said Baker.
“Our goal is to increase the awareness of global cyber crime in an effort to improve the security industry’s ability to fight it while helping government agencies and private sector organisations develop their own tailored security plans,” he said.
The findings reinforced the international nature of cyber crime with breaches originating from 36 countries, up from 22 countries the year before.
External attacks remain largely responsible for data breaches, with 98% attributable to outsiders. This group includes organised crime, activist groups, former employees, lone hackers and even organisations sponsored by foreign governments. Business partners were responsible for less than 1% of data breaches.
Of attack methods, hacking and malware have continued to increase, with hacking a factor in 81% of data breaches and in 99% of data lost. Malware also played a large part in data breaches, appearing in 69% of breaches and 95% of compromised records.
Hacking and malware are favoured by external attackers, the report said, as these attack methods allow them to attack multiple victims at the same time from remote locations. Many hacking and malware tools are designed to be easy and simple for criminals to use.
The report said the time between compromise and discovery was still measured in months and even years, rather than hours and days. Third parties were responsible for detecting 92% of breaches.
Smaller companies tend not to have the technology or the skills to detect intrusions and, while larger organisations may have intrusion detection systems in place, they are often deployed only to meet compliance requirements, said Baker.
"Consequently, these systems are often tuned down to generate as few false positives as possible and are consequently of very little real good," he said.
According to Baker, the findings indicate the ability of organisations of all sizes to detect intrusions remains immature.
Recommendations for enterprises
Eliminate unnecessary data
Unless there is a compelling reason to store or transmit data, destroy it. Monitor all important data that must be kept.
Establish essential security controls
Organisations must ensure proper security controls are in place and that they are functioning correctly. Monitor security controls regularly.
Place importance on event logs
Monitor and mine event logs for suspicious activity – breaches are usually identified by analysing event logs.
Prioritise security strategy
Enterprises should evaluate their threat landscape and use the findings to create a unique, prioritised security strategy.
Recommendations for small organisations
Use a firewall
Install and maintain a firewall on internet-facing services to protect data. Hackers cannot steal what they cannot reach.
Change default credentials
Point-of-sale (POS) and other systems come with pre-set credentials. Change the credentials to prevent unauthorised access.
Monitor third parties
Third parties often manage firewalls and POS systems. Organisations should monitor these vendors to ensure they have implemented the above security recommendations, where applicable.