Interpreting the 2012 Verizon Breach Report

Since 2004 the Verizon RISK Team has been tracking data and online security breaches on an annual basis, publishing an annual Data Breach Investigation Report (DBIR).  The 2012 report represents a collaboration of international government security agencies united in stifling the growth of online theft and crime.  The United States Secret Service, Dutch National High Tech Crime Unit, Australian Federal Police, Irish Reporting & Information Security Service, Police Central e-Crime Unit and London Metropolitan Police all combined to bring together this wealth of data for an intriguing and informative look at the evolving cyber-crime landscape.

The study examined 855 incidents that took place in 2011 and resulted in 174 million compromised records.  Data was collected from first-hand evidence through external forensic investigations of confirmed incidents on an international including 36 different countries in total.  Though this information comes on a widely global scale, it speaks volumes as to the future direction of online threats for any organization or business and means of prevention.

Boiling it down, the DBIR states that external attacks are on the rise while internal attacks are diminishing.  Though attacks on larger entities (those organizations employing at least 1,000 people) have larger impacts and are publicized far more widely, the number of attacks on these organizations was well under that of smaller businesses.  

Threat origins over time by percent of breach:

Cyber-criminals are creatures of convenience; smaller businesses are more plentiful and represent easy targets.  The report states that many of the smaller organizations victimized did not have sufficient data security in place or measures were not properly configured, making the breaches that much easier.  

This past year saw the biggest statistical change in the form of increased attacks against worldwide groups.  One of the bigger findings to come out of the report is the notable increase in what Verizon referred to as ideological attacks, or even better described as hacktivism. Hacktivists are not typically motivated by financial gain, but rather united against an organization whose goals are in conflict with their beliefs.  This is mostly good news for the small business owner considering they will likely never be the target of hactivism.  However, this does not completely put SMB in the clear.  As data from this report states, smaller organizations represent easier targets.  Most threats directed at small to medium businesses are done so for financial or personal gain, which also represents the majority of types of attacks, as noted in the below graph:

Hacking and malware came out on top for tactics used to breach data systems, while the majority of incidents were discovered by a third-party provider long after the breach had occurred.  This data points to a greater need for proactive network and data security, especially in the realm of small to medium sized businesses.

Smaller organizations were found to be more susceptible to malware types such as: Keyloggers, Form-grabbers and Spyware.  These are attacks that occur on a large scale and are usually externally automated, bundled with other malware agents.  Mostly affecting smaller companies in the retail and hospitality industry, many of these breaches are a result of improperly secured credential information.  The majority of these methods can easily be turned away with the properly configured security software and hardware.  Simple steps like changing default login credentials on servers can make a huge difference.  

As this report illustrated there are many faces to data theft and a multitude of methodologies.  The best thing organizations can do – organizations of all sizes – is continue to invest in improved data security measures.  Online attacks are constantly evolving – make sure your IT managers and network administers are on top of their game or enlist a 3rd party online security expert to help you manage your risks and security environment.