
No 'One Size Fits All' In Data Breaches, New Verizon Report Finds

Verizon Data Breach Investigations Report 2013 says financial cybercrime accounted for three-fourths of real-world breaches, followed by cyberespionage in one-fifth of breaches

If there's one big theme of the just-released Verizon Data Breach Investigations Report (DBIR), it's demographics: All sizes of organizations are getting hacked, and different industries are getting hit for different reasons and with different attack methods.

"We shouldn't have a one-size-fits-all approach," says Jay Jacobs, senior analyst for the Verizon RISK Team, naming one of the biggest takeaways from this year's report, which was the biggest one yet in terms of data and sources. "There's a big difference between [attacks hitting] a retailer and financial institutions versus manufacturers or consultants."

The report -- which draws from 621 confirmed data breaches, 47,000 reported security incidents, and 44 million compromised records worldwide in 2012 from Verizon as well as the US Computer Emergency Response Team and other national CERTs, the U.S. Secret Service, and law enforcement agencies in Europe -- shows that 75 percent of all breaches last year were the result of financially motivated cyberattacks, while 20 percent were cyberespionage for stealing intellectual property or other information for competitive purposes. Hacktivism remained steady, but with more distributed denial-of-service (DDoS) attacks than "doxing" or other forms of data theft.

Outsiders again reigned as the top attackers, making up 92 percent of the attackers that hit organizations last year. Next were state-sponsored attackers -- the majority from China -- with 19 percent of the attacks, and 14 percent were executed by insiders. Financial firms were hit the most, with 37 percent of last year's breaches, followed by retailers and restaurants, 24 percent; manufacturing, transportation, and utilities, 20 percent; and information services and professional services, 20 percent.

Nearly 40 percent of all attacks hit large organizations, but smaller organizations represented a large number of breached organizations when it came to cyberespionage-type attacks: Some 22 of the organizations suffering cyberespionage last year were firms with only one to 100 employees, mainly in manufacturing and professional services, and 23 firms with 101 to 1,000 employees, mainly in manufacturing. Firms with 1,001 to 10,000 employees accounted for 36 of the cyberespionage attacks.

"That size variable was a surprise to me," Jacobs says. "We saw an even split [overall] between large and small organizations ... The best theory we could come up with was that in a lot of the main industries here -- manufacturing and professional services like consultants, programming or engineering -- there's a lot of intelligence-gathering in their relationships. So attackers may go after a small manufacturing company because they manufacture something on behalf of a bigger company. So they generate this intellectual property."

[Half of all targeted attacks last year hit companies with less than 2,500 employees, and overall, targeted cyberattacks jumped 42 percent in 2012, new Symantec data show. See Small Businesses Now Bigger Targets In Cyberattacks.]

Other key findings were that organizations typically don't discover that they've been breached for months and even years after the fact, and nearly 70 percent of them learn from a third party. And when it comes to cyberespionage attacks, 96 percent of them were attributed to attackers in China, while the majority of financially motivated breaches came from attackers in the U.S. or Eastern Europe. Romania was No. 1 there, with 28 percent of the attacks.

[Chart: Origin of External Actors: Top 10. Source: 2013 Verizon Data Breach Investigations Report (DBIR)]

And even amid growing concerns about mobile security and the bring-your-own device explosion, mobile wasn't a factor in the breaches last year, according to Verizon's report. "We're just not seeing [mobile] yet," Verizon's Jacobs says. "It's either because it's not holding data, or there's an easier path to the data ... But that may change as it becomes more ubiquitous and standardized."

A combination of methods contributed to attackers hitting their marks, but hacking (52 percent) was the most common technique, followed by malware (40 percent); physical, such as ATM skimmers (35 percent); social (29 percent); misuse (13 percent); and user mistakes (2 percent).

Meanwhile, the report highlights just how crucial demographics are to unraveling data breach incidents. Different industries are more prone to specific threats than others, for instance, and also face different types of attack methods. Smaller firms also face different attack methods than larger ones. "We see a diverse set of tactics," Jacobs says.

Financial cybercrime actors typically hit smaller organizations by compromising weak passwords on an admin's account, for example, and gather their intel on this via automated scans looking for open ports and weak passwords to gain remote admin control. "With smaller targets, it's more of low-hanging fruit," Jacobs says. "With larger targets, we see a more diverse set of attacks."

With larger targets, phishing and malware are a popular combination, especially in cyberespionage, but that also is typical with targeted spying attacks on smaller firms. The bottom line is a one-size-fits-all approach to security is detrimental, according to Verizon. "Any attempt to enforce a one-size-fits-all approach to securing our assets may result in leaving some organizations underprotected from targeted attacks, while others potentially overspend on defending against simpler opportunistic attacks," the report says.

Overall, phishing tactics quadrupled in 2012, a jump Verizon attributes to the popularity of phishing in targeted cyberespionage campaigns.

Organized crime syndicates mostly out of Eastern Europe and North America typically target the finance, retail, and food industries for payment cards, credentials, and bank information, while state-sponsored attackers mostly out of China go after manufacturing, professional, and transportation firms for credentials, organizations, data, trade secrets, and system information, the report says.

Hacktivists, mostly from North America and Western Europe, target information, public, and other services, mainly for credentials, personal information, and internal organization data, Verizon says.

"The bottom line is that unfortunately, no organization is immune to a data breach in this day and age," said Wade Baker, principal author of the DBIR reports. "We have the tools today to combat cybercrime, but it's really all about selecting the right ones and using them in the right way. In other words, understand your adversary -- know their motives and methods, and prepare your defenses accordingly and always keep your guard up."

The full Verizon 2013 DBIR is available here (PDF).

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

User Rank: Ninja
4/29/2013 | 5:43:59 PM
re: No 'One Size Fits All' In Data Breaches, New Verizon Report Finds
I don't think that it is so much the size of the organizations as it is the ease of access into these systems. Financial gains and corporate espionage make up the top 2 on the list, and those factors do not care about the size or demographic of your company. The chart really puts it into perspective for the reader. Now take for example the governments in these countries and it also makes sense as to the high number of corporate espionage that is taking place in that country. With the growing number of mobile devices and technology in the mobile field constantly expanding, the attacks and the vulnerabilities are sure to be on the rise just as quickly as the industry.

Paul Sprague

InformationWeek Contributor
User Rank: Strategist
4/23/2013 | 11:38:00 AM
re: No 'One Size Fits All' In Data Breaches, New Verizon Report Finds
Good catch, John! The URL in Verizon's release on the report was incorrect--updating my article now with the link to the latest report. Thank you.

Kelly Jackson Higgins, Senior Editor, Dark Reading
John Jameson
User Rank: Apprentice
4/23/2013 | 7:50:09 AM
re: No 'One Size Fits All' In Data Breaches, New Verizon Report Finds
That link is to the 2012 report. The 2013 report is here-http://www.verizonenterprise.c...