Last year's worldwide social upheaval was accompanied by an equally large online upheaval, with an unprecedented level of cybersecurity breaches under the new mantra of "hacktivism," according to an annual report by Verizon Communications.
Analyzing reports of data breaches by Verizon's RISK team, with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit, and U.S. Secret Service, the report analyzes 855 incidents during the calendar year involving 174 million compromised records.
Who Is Responsible?
The report found that 98 percent of the data breaches stemmed from external agents, up 6 percent from last year, while 4 percent implicated internal employees of the targeted organizations (down 13 percent). Only 1 percent of the breaches were committed by business partners. Fifty-eight percent of the breaches were tied to hacker activist groups, the most well known being Anonymous (no comparison figure from last year was given).
"Their entrance onto the stage also served to change the landscape somewhat with regard to the motivations behind breaches," the report says. "While good-old-fashioned greed and avarice were still the prime movers, ideological dissent and schadenfreude took a more prominent role across the caseload."
The Data Breach Investigations Report finds that because money or power was not a motive, the trail of victims follows no known pattern of rhyme or reason.
"Many, troubled by the shadowy nature of its origins and proclivity to embarrass victims, found this trend more frightening than other threats, whether real or imagined," reads the executive summary. "Doubly concerning for many organizations and executives was that target selection by these groups didn't follow the logical lines of who has money and/or valuable information. Enemies are even scarier when you can't predict their behavior.
Canada-based cybersecurity adviser Chet Wisniewski of the firm Sophos said that while the information in the report is useful, "this is largely a blip and an unscientific one at that. We must remember that customers who choose Verizon to investigate their breaches are self-selecting and are not representative of the larger marketplace. The vast majority of data breaches go unreported so there is little to compare the numbers to."
But Wisniewski added that the report demonstrates the sad state of modern data security.
No More Ostriches
"Whether the attacks are being carried out by 'hacktivists' or cyber thieves shouldn't matter," he said. "Organizations are doing a terrible job of keeping our information safe from any type of attacker, and Verizon's report should be a wake-up call. It is time for companies to pull their heads out of the sand and take responsibility for what they have been entrusted with."
Another report, by Data Loss Database, found that 126,749,634 personally identifying records were stolen in 2011 in 369 publicly reported incidents.
Verizon's report (http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf) includes recommendations for warding off cybercriminals for both point-of-sale businesses and large companies.