"The
bad guys are winning," according to Verizon's 2014 Data Breach Investigations Report
(DBIR) that says there is large increase in cyber-crime, the report's lead
author Wade Baker says. But somehow that is not all bad news?
According to the authors, this year more than 63,000 security incidents were
analyzed, but the high figure should not be too intimidating: The dataset
that underpins the DBiR is comprised of over 63,000 confirmed security
incidents (Sixty-Three Thousand). That rather intimidating number is a
by-product of another shift in philosophy with this year’s report; we are
no longer restricting our analysis only to confirmed data breaches. This
evolution of the DBiR reflects the experience of many security
practitioners and executives who know that an incident need not result in
data ex-filtration for it to have a significant impact on the targeted business.
Of these 63,000 incidents, just 1,367 were confirmed data breaches affecting 95
countries.
The report,
which has been compiled by Verizon's security arm every year for the last
decade, finds that 97 percent of crimes fall into nine categories of security
breaches, including point of sales intrusions, web app attacks, cyber
espionage, insider misuse, card skimmers, DOS attacks, crimeware, miscellaneous
errors and physical theft.
Courtesy of
Verizon
According to
the DBIR, point of sale, or POS, intrusions have actually gone down since 2011,
falling from 31 percent of all breaches to 14 percent. This means that
shoppers' information is less likely to be accessed when they make their
purchases, which should be somewhat comforting. (However, Target's massive
breach last winter, probably the biggest of the year, was essentially
a point of sale attack. The report also breaks down which industries are most
vulnerable to which types of theft:
The
breakdown of these crimes also suggests that hackers are more interested in
intellectual property than actual property. Re/code's Arik Hesseldahl explains: While fraud and
financial motivations still tend to dominate the spectrum of reasons behind
cyber-crime, believe it or not, they declined as a proportion of the whole in
2013. Meanwhile, attempts to steal intellectual property rose, Jacobs said. “It
is not all about money any more but who has the intellectual property,” he said. Hesseldahl notes that these are often
inside jobs, crimes perpetrated by company employees stealing proprietary
information to set up a rival business. Web app hacking is also on the
rise, but 65 percent of those are motivated by "ideology or
fun."
Concurringly,
cyber-crime is also on the rise against countries especially the U.S. in the
form of on-line espionage. Espionage-related hacking was traced back to Chinese
and East Asian residents in 49 percent of cases, but Eastern European hackers
are gaining ground, launching about one-fifth of overall espionage attacks in
2013. And, to make matters worse, hackers are able to access data faster than in previous
years. The report authors note that though more cases of
espionage were catalogued and the latest DBIR, this could just be because
Verizon looked at more data sources in the most recent report.
Though the
report is something of a mixed bag, Baker warns that the threat of cyber-crime
is increasing overall. "After analyzing 10 years of data, we realize most
organizations cannot keep up with cyber-crime and the bad guys are
winning," he said, but added that "by applying big
data analytic to security risk management, we can begin to bend the curve and
combat cyber-crime more effectively and strategically." The authors offer
basic protections for individuals and companies, some of them as simple as
using two-step verification and keeping your system up to date.
This article
was originally published at http://www.thewire.com/technology/2014/04/report-shows-cyber-espionage-is-on-the-rise/361024/
1 comment:
Thank you for the information
Post a Comment