75% of Breaches Financially Motivated, 20% Are Espionage
Money was still by far the biggest motivation behind data
breaches in 2012, followed by state-sponsored espionage, according to a new report from Verizon. "Hacktivists" were as busy as ever, but shifted their attention away from data theft to instead paralyzing or disrupting systems.
The Verizon 2013 Data Breach Investigations Report found that financially motivated cybercrime tops its list at 75 percent of all breaches. State-affiliated espionage campaigns claimed the second spot at 20 percent.
The report also found that the proportion of incidents involving hacktivists held steady. But many hacktivists shifted from data theft to other methods of disruption such as distributed denial of service (DDoS) attacks. These attacks also have significant costs because they impair business and operations.
"The bottom line is that, unfortunately, no organization is immune to a data breach in this day and age," said Wade Baker, principal author of the Data Breach Investigations Report series. "We have the tools today to combat cybercrime, but it's really all about selecting the right ones and using them in the right way. In other words, understand your adversary -- know their motives and methods, and prepare your defenses accordingly, and always keep your guard up."
Hacking Leads the Way
Who are the victims? It runs the gamut. Thirty-seven percent of breaches affected financial organizations, while 24 percent affected retailers and restaurants. Twenty percent of network intrusions involved the manufacturing, transportation and utilities industries. The same percentage affected information and professional services firms. The cyberattacks occurred in 27 countries, and 38 percent affected larger organizations.
External attacks remain largely responsible for data breaches, with 92 percent of them attributable to outsiders and 14 percent committed by insiders. This category includes organized crime, activist groups, former employees, lone hackers and even organizations sponsored by foreign governments. As in the 2012 report, business partners were responsible for about 1 percent of data breaches.
Hacking is the No. 1 way breaches occur. Indeed, hacking was a factor in 52 percent of data breaches. Seventy-six percent of network intrusions exploited weak or stolen credentials, i.e. user name and password. Another 40 percent incorporated malware, such as malicious software, script or code used to compromise information. Thirty-five percent involved physical attacks, such as ATM skimming. And 29 percent leveraged social tactics, such as phishing.
More Sophisticated than Ever
Ken Pickering, development manager for security intelligence at CORE Security, told us attacker profilers have advanced since the inception of cybercrime and cyber-espionage.
"We see the level of sophistication and organization rapidly increasing, and for the most part, are unable to cope with the emerging threat they pose. What worries corporations and governmental entities is the level of risk offered by state-sponsored groups," Pickering said.
"They have resources and skills to pull off large-scale IP theft, which first gained public media attention though the Aurora hack in 2009. And that threat hasn't lessened over time. If anything, it's more prevalent. It also shows us that companies with intellectual property have a lot to lose. We're not just seeing fraud attacks anymore, but skilled exfiltration of this country's corporate secrets."
Jim Butterworth, chief security officer at HBGary, is not surprised that the number of incidents is going up. He told us people are still using antiquated indicators or signature-based solutions to find tomorrow's threat.
"The attackers are creating malware using custom code that can't be detected by IOCs or anti-virus," Butterworth told us. "Targeted attacks are not like a computer virus that can be handled like a cyber-housekeeping duty. Instead, organizations need to invest in technology, people and processes to respond quickly to these types of threats."
A Sobering State of the Union
We also spoke with Ori Eisen, founder, chairman and CIO of 41st Parameter, about the study. He said the report is sobering and reflects the state of the union.
"It manifests the prediction that in due time, the network itself will become the weakest link, based on the core technology it is built on, namely, the TCP/IP protocol," Eisen said. "When the Internet began in the mid-'90s, budding e-commerce players jumped in. There was a period of trepidation and wait-and-see attitude in corporations to see if this was a fad or a trend."
Eisen said we've all since jumped in -- and the warnings of 20 years about security and what could happen have been lost in the shuffle. As he sees it, the 2013 report is a reminder that without ample security layers on top of the inherently insecure TCP/IP protocol -- any online estate is exposed.
What's more, he said, the scale and growth of DDoS and other breaches tells us that there is a need for a more secure network, which will have a different underpinning -- this time, with security built-in from the ground up.
"Until then, executives who read the report should ask themselves if they have fortified their online estate to the maximum possible, given the state-of-the-art tools that are commercially available," Eisen said. "These include a security and fraud detection system that detects the four main touch points of the digital consumer journey: account opening/registration, account log-in/authentication, account takeover, and transactional anomaly detection.
"With device intelligence and a layered fraud solution even when credentials are breached, their customers remain protected."