Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


04:18 PM
Connect Directly

No 'One Size Fits All' In Data Breaches, New Verizon Report Finds

Verizon Data Breach Investigations Report 2013 says financial cybercrime accounting for three-fourths of real-world breaches, followed by cyberespionage in one-fifth of breaches

If there's one big theme of the just-released Verizon Data Breach Investigations Report (DBIR), it's demographics: All sizes of organizations are getting hacked, and different industries are getting hit for different reasons and with different attack methods.

"We shouldn't have a one-size-fits-all approach," Jay Jacobs, senior analyst for the Verizon RISK Team, says is one of the biggest takeaways from this year's report, which was the biggest one yet in terms of data and sources. "There's a big difference between [attacks hitting] a retailer and financial institutions versus manufacturers or consultants."

The report -- which draws from 621 confirmed data breaches, 47,000 reported security incidents, and 44 million compromised records worldwide in 2012 from Verizon as well as the US Computer Emergency Response Team and other national CERTs, the U.S. Secret Service, and law enforcement agencies in Europe -- shows that 75 percent of all breaches last year were the result of financially motivated cyberattacks, while 20 percent were cyberespionage for stealing intellectual property or other information for competitive purposes. Hacktivism remained steady, but with more distributed denial-of-service (DDoS) attacks than "doxing" or other forms or data theft.

Outsiders again reigned as the top attackers, making up 92 percent of the attackers that hit organizations last year. Next were state-sponsored attackers -- the majority from China -- with 19 percent of the attacks, and 14 percent were executed by insiders. Financial firms were hit the most, with 37 percent of last year's breaches, followed by retailers and restaurants, 24 percent; manufacturing, transportation, and utilities, 20 percent; and information services and professional services, 20 percent.

Nearly 40 percent of all attacks hit large organizations, but smaller organizations represented a large number of breached organizations when it came to cyberespionage-type attacks: Some 22 of the organizations suffering cyberespionage last year were firms with only one to 100 employees, mainly in manufacturing and professional services, and 23 firms with 101 to 1,000 employees, mainly in manufacturing. Firms with 1,001 to 10,000 employees accounted for 36 of the cyberespionage attacks.

"That size variable was a surprise to me," Jacobs says. "We saw an even split [overall] between large and small organizations ... The best theory we could come up with was that in a lot of the main industries here -- manufacturing and professionals services like consultants, programming or engineering -- there's a lot of intelligence-gathering in their relationships. So attackers may go after a small manufacturing company because they manufacture something on behalf of a bigger company. So they generate this intellectual property."

[Half of all targeted attacks last year hit companies with less than 2,500 employees, and overall, targeted cyberattacks jumped 42 percent in 2012, new Symantec data show. See Small Businesses Now Bigger Targets In Cyberattacks.]

Other key findings were that organizations typically don't discover that they've been breached for months and even years after the fact, and nearly 70 percent of them learn from a third party. And when it comes to cyberespionage attacks, 96 percent of them were attributed to attackers in China, while the majority of financially motivated breaches came from attackers in the U.S. or Eastern Europe. Romania was No. 1 there, with 28 percent of the attacks.

Origin of External Actors: Top 10

Source: 2013 Verizon Data Breach Investigations Report (DBIR)

And even amid growing concerns about mobile security and the bring-your-own device explosion, mobile wasn't a factor in the breaches last year, according to Verizon's report. "We're just not seeing [mobile] yet," Verizon's Jacobs says. "It's either because it's not holding data, or there's an easier path to the data ... But that may change as it becomes more ubiquitous and standardized."

A combination of methods contributed to attackers hitting their marks, but hacking (52 percent) was the most common technique, followed by malware (40 percent); physical, such as ATM skimmers (35 percent); social (29 percent); misuse (13 percent); and user mistakes (2 percent).

Meanwhile, the report highlights just how crucial demographics are to unraveling data breach incidents. Different industries are more prone to specific threats than others, for instance, and also face different types of attack methods. Smaller firms also face different attack methods than larger ones. "We see a diverse set of tactics," Jacobs says.

Financial cybercrime actors typically hit smaller organizations by compromising weak passwords on an admin's account, for example, and gather their intel on this via automated scans looking for open ports and weak passwords to gain remote admin control. "With smaller targets, it's more of low-hanging fruit," Jacobs says. "With larger targets, we see a more diverse set of attacks."

With larger targets, phishing and malware are a popular combination, especially in cyberespionage, but that also is typical with targeted spying attacks on smaller firms. The bottom line is a one-size-fits-all approach to security is detrimental, according to Verizon. "Any attempt to enforce a one-size-fits-all approach to securing our assets may result in leaving some organizations underprotected from targeted attacks, while others potentially overspend on defending against simpler opportunistic attacks," the report says.

Overall, phishing tactics quadrupled in 2012, a jump Verizon attributes to the popularity of phishing in targeted cyberespionage campaigns.

Organized crime syndicates mostly out of Eastern Europe and North America typically target the finance, retail, and food industries for payment cards, credentials, and bank information, while state-sponsored attackers mostly out of China go after manufacturing, professional, and transportation firms for credentials, organizations, data, trade secrets, and system information, the report says.

Hacktivists, mostly from North America and Western Europe, target information, public, and other services, mainly for credentials, personal information, and internal organization data, Verizon says.

"The bottom line is that unfortunately, no organization is immune to a data breach in this day and age," said Wade Baker, principal author of the DBIR reports. "We have the tools today to combat cybercrime, but it's really all about selecting the right ones and using them in the right way. In other words, understand your adversary -- know their motives and methods, and prepare your defenses accordingly and always keep your guard up."

The full Verizon 2013 DBIR is available here (PDF).

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
4/29/2013 | 5:43:59 PM
re: No 'One Size Fits All' In Data Breaches, New Verizon Report Finds
I donGt think that it
is so much the size of the organizations as it is the ease of access into these
systems. Financial gains and corporate espionage
make up the top 2 on the list, and those factors do not care about the size or
demographic of your company. The chart really puts it into perspective for the reader.
Now take for example the governments in these countries and it also makes sense
as to high number of corporate espionage that is taking place in that county.
With the growing number of mobile devices and technology in the mobile field
constantly expanding the attacks and the vulnerabilities are sure to be on the
rise just as quickly as the industry.

Paul Sprague

InformationWeek Contributor
User Rank: Strategist
4/23/2013 | 11:38:00 AM
re: No 'One Size Fits All' In Data Breaches, New Verizon Report Finds
Good catch, John! The URL in Verizon's release on the report was incorrect--updating my article now with the link to the latest report. Thank you.

Kelly Jackson Higgins, Senior Editor, Dark Reading
John Jameson
John Jameson,
User Rank: Apprentice
4/23/2013 | 7:50:09 AM
re: No 'One Size Fits All' In Data Breaches, New Verizon Report Finds
That link is to the 2012 report. The 2013 report is here-http://www.verizonenterprise.c...
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
PUBLISHED: 2019-12-06
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...