Opportunistic attacks, the majority of which were financially motivated, were far and away the biggest threat source of 2012, accounting for 75 percent of all breaches analyzed in the latest Verizon Data Breach Investigations Report (DBIR).
State-affiliated cyberespionage campaigns held the number two breach spot, accounting for 20 percent of all covered incidents. This category of breach includes the stealing of intellectual property (i.e. classified information, trade secrets and technical resources) to further national and economic interests.
“The bottom line is that unfortunately, no organization is immune to a data breach in this day and age,” said Wade Baker, principal author of the Data Breach Investigations Report series, in a press statement. “We have the tools today to combat cybercrime, but it’s really all about selecting the right ones and using them in the right way.”
“In other words, understand your adversary – know their motives and methods, and prepare your defenses accordingly and always keep your guard up,” Baker added.
The report found that 92 percent of all breaches were the product of external threat actors, with those claiming organized crime affiliations accounting for more than half (55 percent). Unlike in past years, the DBIR took this analysis a step further, utilizing the added data supplied by their global partners to take a detailed look at cyberespionage; namely where these attacks originate and how they do their damage.
"[I]t’s fascinatingly apparent that motive correlates very highly with country of origin. The majority of financially motivated incidents involved actors in either the U.S. or Eastern European countries (e.g. Romania, Bulgaria, and the Russian Federation). 96 percent of espionage cases were attributed to threat actors in China and the remaining 4 percent were unknown. This may mean that other threat groups perform their activities with greater stealth and subterfuge. But it could also mean that China is, in fact, the most active source of national and industrial espionage in the world," said the report.
One area in which organizations seem to be lacking is in breach discovery and containment. Threats still take "forever and a day to discover, and that discovery is rarely made by the victim," according to the report. Verizon found that 62 percent of breaches took months to discover, with 4 percent taking years. In 2011, 56 percent of breaches took a month or more to be discovered.
Hacking remained the number one breach method, a factor in 52 percent of all analyzed events. Of those, 76 percent of network intrusions exploited weak or stolen credentials; 40 percent incorporated malware (malicious software, script or code used to compromise information); 35 percent involved physical attacks (such as ATM skimming); and 29 percent leveraged social tactics (such as phishing), according to the report.
Instances of phishing were four times higher than last year, according to the report, which indicated that the tactic was widely employed in cyberespionage campaigns.
Bryan Sartin, Director of the Investigative Response team at Verizon Enterprise Solutions, said in a video excerpt that the rise in social engineering ploys was one of the more surprising findings.
By casting a wider data net, yet only focusing on the 600+ confirmed breaches, this year's DBIR is able to provide security practitioners with a much more accurate picture of various threat vectors and how they can strengthen their security posture to ensure they are safeguarding their organizations.
The axiom that no organization is immune to attack held true last year, with breaches affecting a wide range of industries: 37 percent impacted financial organizations; 24 percent targeted retailers and restaurants; and 20 percent of network intrusions involved the manufacturing, transportation and utilities industries, with the same percentage aimed at information and professional services firms.
Now in its ninth year, Verizon’s 2013 DBIR is more widely sourced than ever, including contributing data from Verizon and 18 additional organizations (more than three times the number from last year). The report analyzes the largest data set in its history, covering more than 47,000 reported security incidents and 621 confirmed data disclosures.
A copy of the complete report can be downloaded HERE.